use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingIdTokenHintPS512.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintPS512")
public void backchannelTokenDeliveryModePingIdTokenHintPS512(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePingIdTokenHintPS512");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS512);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS512);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS512, BackchannelTokenDeliveryMode.PING, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintPS512);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.PS512);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method loginHintTokenPS384.
@Parameters({ "PS384_keyId", "userEmail", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void loginHintTokenPS384(final String keyId, final String userEmail, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("loginHintTokenPS384");
JSONObject subjectValue = new JSONObject();
subjectValue.put("subject_type", "email");
subjectValue.put("email", userEmail);
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm(SignatureAlgorithm.PS384);
jwt.getHeader().setKeyId(keyId);
jwt.getClaims().setClaim("subject", subjectValue);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(jwt.getSigningInput(), keyId, null, SignatureAlgorithm.PS384);
jwt.setEncodedSignature(encodedSignature);
loginHintTokenPS384 = jwt.toString();
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method idTokenHintAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri", "clientJwksUri", "RSA_OAEP_keyId", "keyStoreFile", "keyStoreSecret" })
@Test
public void idTokenHintAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("idTokenHintAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(idToken, privateKey, null);
assertJweStandarClaimsNotNull(jwe, true);
idTokenHintAlgRSAOAEPEncA256GCM = idToken;
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method loginHintTokenRS512.
@Parameters({ "RS512_keyId", "userEmail", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void loginHintTokenRS512(final String keyId, final String userEmail, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("loginHintTokenRS512");
JSONObject subjectValue = new JSONObject();
subjectValue.put("subject_type", "email");
subjectValue.put("email", userEmail);
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm(SignatureAlgorithm.RS512);
jwt.getHeader().setKeyId(keyId);
jwt.getClaims().setClaim("subject", subjectValue);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(jwt.getSigningInput(), keyId, null, SignatureAlgorithm.RS512);
jwt.setEncodedSignature(encodedSignature);
loginHintTokenRS512 = jwt.toString();
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method backchannelTokenDeliveryModePingIdTokenHintPS384.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "PS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintPS384")
public void backchannelTokenDeliveryModePingIdTokenHintPS384(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePingIdTokenHintPS384");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS384);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS384);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS384, BackchannelTokenDeliveryMode.PING, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintPS384);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.PS384);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
}
Aggregations