use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPushMode method loginHintTokenRS512.
@Parameters({ "RS512_keyId", "userEmail", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void loginHintTokenRS512(final String keyId, final String userEmail, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("loginHintTokenRS512");
JSONObject subjectValue = new JSONObject();
subjectValue.put("subject_type", "email");
subjectValue.put("email", userEmail);
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm(SignatureAlgorithm.RS512);
jwt.getHeader().setKeyId(keyId);
jwt.getClaims().setClaim("subject", subjectValue);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(jwt.getSigningInput(), keyId, null, SignatureAlgorithm.RS512);
jwt.setEncodedSignature(encodedSignature);
loginHintTokenRS512 = jwt.toString();
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintRS384.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintRS384")
public void backchannelTokenDeliveryModePushIdTokenHintRS384(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePushIdTokenHintRS384");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.RS384);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS384);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS384, BackchannelTokenDeliveryMode.PUSH, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintRS384);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.RS384);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintES512.
@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintES512")
public void backchannelTokenDeliveryModePushIdTokenHintES512(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
showTitle("backchannelTokenDeliveryModePushIdTokenHintES512");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
registerRequest.setJwksUri(clientJwksUri);
registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES512);
registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.ES512);
registerRequest.setBackchannelUserCodeParameter(true);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.ES512, BackchannelTokenDeliveryMode.PUSH, true);
String clientId = registerResponse.getClientId();
// 2. Authentication Request
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
backchannelAuthenticationRequest.setIdTokenHint(idTokenHintES512);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.ES512);
backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
backchannelAuthenticationRequest.setKeyId(keyId);
backchannelAuthenticationRequest.setAudience(tokenEndpoint);
backchannelAuthenticationRequest.setAuthUsername(clientId);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObject.
/**
* Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
* It should be run with following server configuration settings:
* - "dcrSignatureValidationEnabled": true,
* - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
* - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
* - "dcrSignatureValidationJwks": null,
* - "dcrSignatureValidationJwksUri": null,
* - "softwareStatementValidationType": "jwks_uri",
* - "softwareStatementValidationClaimName": "jwks_uri",
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` configuration property should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObject(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("registerClientWithRequestObject");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "5.0";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Arrays.asList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
registrationAccessToken2 = response.getRegistrationAccessToken();
registrationClientUri2 = response.getRegistrationClientUri();
}
use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method requestClientAssociate1.
/**
* Verify signature with JWKS_URI
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("requestClientAssociate1");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "version_3.1.5";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()), logoutUri);
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
registrationAccessToken1 = response.getRegistrationAccessToken();
registrationClientUri1 = response.getRegistrationClientUri();
}
Aggregations