Search in sources :

Example 56 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwtPS512.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwtPS512(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodPrivateKeyJwtPS512");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.PS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 57 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES256Fail3.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES256Fail3(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodPrivateKeyJwtSigningAlgES256Fail3");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES256);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.ES256.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 58 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodPrivateKeyJwtSigningAlgRS384Fail4.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodPrivateKeyJwtSigningAlgRS384Fail4(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("tokenEndpointAuthMethodPrivateKeyJwtSigningAlgRS384Fail4");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.RS384);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client read
    RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient readClient = new RegisterClient(registrationClientUri);
    readClient.setRequest(readClientRequest);
    RegisterResponse readClientResponse = readClient.exec();
    showClient(readClient);
    assertRegisterResponseOk(readClientResponse, 200, false);
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.RS384.toString());
    assertRegisterResponseClaimsNotNull(readClientResponse, RESPONSE_TYPES, REDIRECT_URIS.APPLICATION_TYPE, CLIENT_NAME, ID_TOKEN_SIGNED_RESPONSE_ALG, SCOPE);
    // 3. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, true);
    assertNull(authorizationResponse.getIdToken(), "The id token is not null");
    String authorizationCode = authorizationResponse.getCode();
    // 4. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.ES384);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 59 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectWithoutRedirectUriFails.

@Parameters({ "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectWithoutRedirectUriFails(final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectWithoutRedirectUriFails");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    jwsAuthorizationRequest.setRedirectUri(null);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond());
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp(jwsAuthorizationRequest.getNbf() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    assertTrue(Arrays.asList("invalid_request", "invalid_request_object").contains(response.getClaims().getClaimAsString("error")));
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 60 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectWithoutScopeFails.

@Parameters({ "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectWithoutScopeFails(final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectWithoutScopeFails");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: scope param is required
    jwsAuthorizationRequest.setScopes(null);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond());
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp(jwsAuthorizationRequest.getNbf() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    assertTrue(Arrays.asList("invalid_request", "invalid_request_object", "invalid_request_uri", "access_denied").contains(response.getClaims().getClaimAsString("error")));
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)818 Test (org.testng.annotations.Test)808 Parameters (org.testng.annotations.Parameters)807 BaseTest (io.jans.as.client.BaseTest)730 RegisterResponse (io.jans.as.client.RegisterResponse)675 ResponseType (io.jans.as.model.common.ResponseType)664 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)571 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)456 Claim (io.jans.as.client.model.authorize.Claim)413 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)337 RegisterClient (io.jans.as.client.RegisterClient)315 RegisterRequest (io.jans.as.client.RegisterRequest)315 JSONObject (org.json.JSONObject)182 TokenRequest (io.jans.as.client.TokenRequest)170 TokenResponse (io.jans.as.client.TokenResponse)160 TokenClient (io.jans.as.client.TokenClient)151 Jwt (io.jans.as.model.jwt.Jwt)128 JwkClient (io.jans.as.client.JwkClient)100 JwkResponse (io.jans.as.client.JwkResponse)100 UserInfoClient (io.jans.as.client.UserInfoClient)93