Search in sources :

Example 91 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeTokenIdTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.FRAGMENT_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 92 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectES512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectES512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodES512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.ES512, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setResponseMode(ResponseMode.FRAGMENT_JWT);
    request.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES512, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 93 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectRS384.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectRS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodRS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.RS384, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setResponseMode(ResponseMode.FRAGMENT_JWT);
    request.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS384, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 94 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectRS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodRS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.RS256, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setResponseMode(ResponseMode.FRAGMENT_JWT);
    request.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 95 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class AuthorizationResponseModeFragmentJwtResponseTypeTokenSignedHttpTest method authorizationRequestObjectES384.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectES384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodES384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.ES384, null, null);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setResponseMode(ResponseMode.FRAGMENT_JWT);
    request.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES384, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    authorizationRequest(request, ResponseMode.FRAGMENT_JWT, userId, userSecret);
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Aggregations

AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)818 Test (org.testng.annotations.Test)808 Parameters (org.testng.annotations.Parameters)807 BaseTest (io.jans.as.client.BaseTest)730 RegisterResponse (io.jans.as.client.RegisterResponse)675 ResponseType (io.jans.as.model.common.ResponseType)664 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)571 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)456 Claim (io.jans.as.client.model.authorize.Claim)413 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)337 RegisterClient (io.jans.as.client.RegisterClient)315 RegisterRequest (io.jans.as.client.RegisterRequest)315 JSONObject (org.json.JSONObject)182 TokenRequest (io.jans.as.client.TokenRequest)170 TokenResponse (io.jans.as.client.TokenResponse)160 TokenClient (io.jans.as.client.TokenClient)151 Jwt (io.jans.as.model.jwt.Jwt)128 JwkClient (io.jans.as.client.JwkClient)100 JwkResponse (io.jans.as.client.JwkResponse)100 UserInfoClient (io.jans.as.client.UserInfoClient)93