use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class IndividualClaimsRequestsTest method requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.NONE);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setClaims(Arrays.asList(JwtClaimName.NAME, JwtClaimName.NICKNAME, JwtClaimName.GIVEN_NAME, JwtClaimName.FAMILY_NAME, JwtClaimName.PICTURE, JwtClaimName.ZONEINFO, JwtClaimName.LOCALE, JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_POSTAL_CODE, JwtClaimName.ADDRESS_COUNTRY));
RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
List<String> scopes = Arrays.asList("openid", "clientinfo");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, clientSecret, cryptoProvider);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ZONEINFO, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.LOCALE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_LOCALITY, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_REGION, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_POSTAL_CODE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NICKNAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.GIVEN_NAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.FAMILY_NAME));
assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL_VERIFIED));
PlainTextSignature signer = new PlainTextSignature();
assertTrue(signer.validate(jwt));
// 4. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse, false);
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_LOCALITY));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_REGION));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class RedirectUriTest method getQueryString_responseModeFormPostJWT_responseEncodedNoEmpty.
@Test
public void getQueryString_responseModeFormPostJWT_responseEncodedNoEmpty() throws CryptoProviderException {
RedirectUri redirectUri = getRedirectUriTemplateGetQueryString(ResponseMode.FORM_POST_JWT, null, null, null);
AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
when(cryptoProvider.sign(anyString(), anyString(), anyString(), any())).thenReturn("12345");
redirectUri.setCryptoProvider(cryptoProvider);
redirectUri.addResponseParameter(AuthorizeResponseParam.EXPIRES_IN, "3000");
String queryResult = redirectUri.getQueryString();
System.out.println(queryResult);
// No empty Result
assertTrue(queryResult.length() > 0);
assertEquals(queryResult, "eyJraWQiOiJrZXkxMjMiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzIiwiZXhwIjoiMzAwMCIsImV4cGlyZXNfaW4iOiIzMDAwIn0.12345");
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class RedirectUriTest method getQueryString_withEncriptionAlgorithm128NoSignatureAlgorithm_responseEncoded.
@Test
public void getQueryString_withEncriptionAlgorithm128NoSignatureAlgorithm_responseEncoded() throws UnsupportedEncodingException {
RedirectUri redirectUri = getRedirectUriTemplateGetQueryString(ResponseMode.JWT, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, null);
AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
redirectUri.setCryptoProvider(cryptoProvider);
redirectUri.setNestedKeyId("nestedKey123");
redirectUri.setNestedSharedSecret("nested_shared_secret");
redirectUri.setSharedSymmetricKey("0123456789012345".getBytes());
redirectUri.addResponseParameter(EXPIRES_IN, "1644270473301");
String queryResult = redirectUri.getQueryString();
System.out.println(queryResult);
assertNoEmptyQueryString(queryResult, RESPONSE, 1);
assertTrue(queryResult.startsWith("response=eyJ0eXAiOiJqd3QiLCJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0."));
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class RedirectUriTest method toString_withResponseModeJwtAndresponseTypeCode_validURLQueryString.
@Test
public void toString_withResponseModeJwtAndresponseTypeCode_validURLQueryString() throws CryptoProviderException {
String valTestCase = "http://redirecturl.com/?response=eyJraWQiOiJrZXkxMjMiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOiIxNjQ0MjcwNDczMzAxIiwiZXhwaXJlc19pbiI6IjE2NDQyNzA0NzMzMDEiLCJjbGllbnRfaWQiOiIxMjMifQ.12345";
List<ResponseType> typeList = new ArrayList<>();
typeList.add(ResponseType.CODE);
RedirectUri redirectUri = new RedirectUri("http://redirecturl.com/", typeList, ResponseMode.JWT);
redirectUri.setKeyId("key123");
redirectUri.setSharedSecret("shared_secret");
redirectUri.addResponseParameter(CLIENT_ID, "123");
redirectUri.addResponseParameter(EXPIRES_IN, "1644270473301");
AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
when(cryptoProvider.sign(anyString(), anyString(), anyString(), any(SignatureAlgorithm.class))).thenReturn("12345");
redirectUri.setCryptoProvider(cryptoProvider);
assertEquals(redirectUri.toString(), valTestCase);
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class TokenSignaturesHttpTest method requestAuthorizationIdTokenNone.
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationIdTokenNone(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("requestAuthorizationIdTokenNone");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
// 1. Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setContacts(Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getCode());
assertNotNull(authorizationResponse.getState());
assertNotNull(authorizationResponse.getScope());
assertNull(authorizationResponse.getIdToken());
String scope = authorizationResponse.getScope();
String authorizationCode = authorizationResponse.getCode();
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200);
assertNotNull(tokenResponse.getEntity());
assertNotNull(tokenResponse.getAccessToken());
assertNotNull(tokenResponse.getExpiresIn());
assertNotNull(tokenResponse.getTokenType());
assertNotNull(tokenResponse.getRefreshToken());
String idToken = tokenResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, null, SignatureAlgorithm.NONE);
assertTrue(validJwt);
}
Aggregations