Example 11 with AbstractCryptoProvider
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class MultivaluedClaims method authorizationRequestObjectWithMultivaluedClaimNone.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectWithMultivaluedClaimNone(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectWithMultivaluedClaimNone");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.NONE);
registerRequest.setClaims(Arrays.asList("member_of"));
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, null, cryptoProvider);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim("member_of", ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim("member_of", ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
assertNotNull(jwt.getClaims().getClaimAsStringList("member_of"));
assertTrue(jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
PlainTextSignature signer = new PlainTextSignature();
assertTrue(signer.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim("member_of"));
assertTrue(userInfoResponse.getClaim("member_of").size() > 1);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoRequest(io.jans.as.client.UserInfoRequest)
PlainTextSignature(io.jans.as.model.jws.PlainTextSignature)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RegisterClient(io.jans.as.client.RegisterClient)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
Claim(io.jans.as.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 12 with AbstractCryptoProvider
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class EncodeClaimsInStateParameter method jwtStateNONETest.
@Test
public void jwtStateNONETest() throws Exception {
showTitle("jwtStateNONETest");
AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(SignatureAlgorithm.NONE, cryptoProvider);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt();
assertNotNull(encodedState);
System.out.println("Encoded State: " + encodedState);
Jwt jwt = Jwt.parse(encodedState);
boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, null, SignatureAlgorithm.NONE);
assertTrue(validJwt);
}
Also used :
JSONObject(org.json.JSONObject)
Jwt(io.jans.as.model.jwt.Jwt)
AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider)
JwtState(io.jans.as.client.model.JwtState)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 13 with AbstractCryptoProvider
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class IndividualClaimsRequestsTest method requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponsAlgNone.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponsAlgNone(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponsAlgNone");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.NONE);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
registerRequest.setClaims(Arrays.asList(JwtClaimName.NAME, JwtClaimName.NICKNAME, JwtClaimName.GIVEN_NAME, JwtClaimName.FAMILY_NAME, JwtClaimName.PICTURE, JwtClaimName.ZONEINFO, JwtClaimName.LOCALE, JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_POSTAL_CODE, JwtClaimName.ADDRESS_COUNTRY));
RegisterClient registerClient = newRegisterClient(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
List<String> scopes = Arrays.asList("openid", "clientinfo");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, clientSecret, cryptoProvider);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ZONEINFO, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.LOCALE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_LOCALITY, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_REGION, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_POSTAL_CODE, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NICKNAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.GIVEN_NAME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.FAMILY_NAME));
assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL_VERIFIED));
PlainTextSignature signer = new PlainTextSignature();
assertTrue(signer.validate(jwt));
// 4. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse, false);
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_LOCALITY));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_REGION));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
PlainTextSignature(io.jans.as.model.jws.PlainTextSignature)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RegisterClient(io.jans.as.client.RegisterClient)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
Claim(io.jans.as.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 14 with AbstractCryptoProvider
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class RedirectUriTest method toString_withResponseModeFormPostJwt_validHtmlFormResponse.
@Test
public void toString_withResponseModeFormPostJwt_validHtmlFormResponse() throws CryptoProviderException {
String valTestCase = "<html><head><title>Submit This Form</title></head><body onload=\"javascript:document.forms[0].submit()\"><form method=\"post\" action=\"http://redirecturl.com/\"><input type=\"hidden\" name=\"response\" value=\"eyJraWQiOiJrZXkxMjMiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJ0b2tlbiBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly9yZWRpcmVjdHVybC5jb20vIiwic3RhdGUiOiJjOTU1NzBkMS01YWI4LTQ2OGItOWMwMS05Y2M2MGUwMmIwMjMiLCJleHAiOiIxNjQ0MjcwNDczMzAxIiwibm9uY2UiOiIwZGEwZDA0Yi1hNmJkLTRkOWUtOGJkOS0yMTE2NWYwZDNiYjciLCJleHBpcmVzX2luIjoiMTY0NDI3MDQ3MzMwMSIsImNsaWVudF9pZCI6IjEyMyJ9.12345\"/></form></body></html>";
RedirectUri redirectUri = getRedirectUriTemplateToString();
redirectUri.setResponseMode(ResponseMode.FORM_POST_JWT);
AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
when(cryptoProvider.sign(anyString(), anyString(), anyString(), any(SignatureAlgorithm.class))).thenReturn("12345");
redirectUri.setCryptoProvider(cryptoProvider);
redirectUri.setKeyId("key123");
redirectUri.setSharedSecret("shared_secret");
redirectUri.setNestedSharedSecret("nested_shared_secret");
assertEquals(redirectUri.toString(), valTestCase);
}
Also used :
AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Test(org.testng.annotations.Test)
Example 15 with AbstractCryptoProvider
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class RedirectUriTest method getQueryString_withEncriptionAlgorithmRSANoSignatureAlgorithm_responseEncoded.
@Test
public void getQueryString_withEncriptionAlgorithmRSANoSignatureAlgorithm_responseEncoded() throws CryptoProviderException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
RedirectUri redirectUri = getRedirectUriTemplateGetQueryString(ResponseMode.JWT, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256GCM, null);
AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
when(cryptoProvider.getPublicKey(anyString(), any(), any())).thenReturn(getRSAPublicKey());
redirectUri.setCryptoProvider(cryptoProvider);
redirectUri.addResponseParameter(AuthorizeResponseParam.EXPIRES_IN, "1644270473301");
String queryResult = redirectUri.getQueryString();
System.out.println(queryResult);
assertNoEmptyQueryString(queryResult, RESPONSE, 1);
assertTrue(queryResult.startsWith("response=eyJ0eXAiOiJqd3QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBMV81In0."));
}
Also used :
AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Test(org.testng.annotations.Test)
Aggregations
AbstractCryptoProvider (io.jans.as.model.crypto.AbstractCryptoProvider)23
Test (org.testng.annotations.Test)17
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)10
ResponseType (io.jans.as.model.common.ResponseType)7
BaseTest (io.jans.as.client.BaseTest)6
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)6
Jwt (io.jans.as.model.jwt.Jwt)6
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)5
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)5
RegisterClient (io.jans.as.client.RegisterClient)5
RegisterRequest (io.jans.as.client.RegisterRequest)5
RegisterResponse (io.jans.as.client.RegisterResponse)5
Parameters (org.testng.annotations.Parameters)5
UserInfoClient (io.jans.as.client.UserInfoClient)4
UserInfoResponse (io.jans.as.client.UserInfoResponse)4
Claim (io.jans.as.client.model.authorize.Claim)4
JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)4
PlainTextSignature (io.jans.as.model.jws.PlainTextSignature)3
ArrayList (java.util.ArrayList)3
JSONObject (org.json.JSONObject)3
