Search in sources :

Example 21 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method loginHintTokenRS512.

@Parameters({ "RS512_keyId", "userEmail", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void loginHintTokenRS512(final String keyId, final String userEmail, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("loginHintTokenRS512");
    JSONObject subjectValue = new JSONObject();
    subjectValue.put("subject_type", "email");
    subjectValue.put("email", userEmail);
    Jwt jwt = new Jwt();
    jwt.getHeader().setAlgorithm(SignatureAlgorithm.RS512);
    jwt.getHeader().setKeyId(keyId);
    jwt.getClaims().setClaim("subject", subjectValue);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String encodedSignature = cryptoProvider.sign(jwt.getSigningInput(), keyId, null, SignatureAlgorithm.RS512);
    jwt.setEncodedSignature(encodedSignature);
    loginHintTokenRS512 = jwt.toString();
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 22 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintRS384.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintRS384")
public void backchannelTokenDeliveryModePushIdTokenHintRS384(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePushIdTokenHintRS384");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.RS384);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.RS384);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.RS384, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintRS384);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.RS384);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 23 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method backchannelTokenDeliveryModePushIdTokenHintES512.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint", "backchannelUserCode", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test(dependsOnMethods = "idTokenHintES512")
public void backchannelTokenDeliveryModePushIdTokenHintES512(final String clientJwksUri, final String backchannelClientNotificationEndpoint, final String backchannelUserCode, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("backchannelTokenDeliveryModePushIdTokenHintES512");
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.ES512);
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PUSH);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.ES512);
    registerRequest.setBackchannelUserCodeParameter(true);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.ES512, BackchannelTokenDeliveryMode.PUSH, true);
    String clientId = registerResponse.getClientId();
    // 2. Authentication Request
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String clientNotificationToken = UUID.randomUUID().toString();
    BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
    backchannelAuthenticationRequest.setScope(Collections.singletonList("openid"));
    backchannelAuthenticationRequest.setIdTokenHint(idTokenHintES512);
    backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
    backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
    backchannelAuthenticationRequest.setRequestedExpiry(1200);
    backchannelAuthenticationRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    backchannelAuthenticationRequest.setAlgorithm(SignatureAlgorithm.ES512);
    backchannelAuthenticationRequest.setCryptoProvider(cryptoProvider);
    backchannelAuthenticationRequest.setKeyId(keyId);
    backchannelAuthenticationRequest.setAudience(tokenEndpoint);
    backchannelAuthenticationRequest.setAuthUsername(clientId);
    BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
    backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
    BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
    showClient(backchannelAuthenticationClient);
    assertBackchannelAuthentication(backchannelAuthenticationResponse, false);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse) RegisterClient(io.jans.as.client.RegisterClient) BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient) BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 24 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObject.

/**
 * Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
 * It should be run with following server configuration settings:
 * - "dcrSignatureValidationEnabled": true,
 * - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
 * - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
 * - "dcrSignatureValidationJwks": null,
 * - "dcrSignatureValidationJwksUri": null,
 * - "softwareStatementValidationType": "jwks_uri",
 * - "softwareStatementValidationClaimName": "jwks_uri",
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` configuration property should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObject(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("registerClientWithRequestObject");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "5.0";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Arrays.asList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 200, false);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    registrationAccessToken2 = response.getRegistrationAccessToken();
    registrationClientUri2 = response.getRegistrationClientUri();
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Ignore(org.testng.annotations.Ignore) Parameters(org.testng.annotations.Parameters)

Example 25 with AuthCryptoProvider

use of io.jans.as.model.crypto.AuthCryptoProvider in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method requestClientAssociate1.

/**
 * Verify signature with JWKS_URI
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("requestClientAssociate1");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "version_3.1.5";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()), logoutUri);
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    registrationAccessToken1 = response.getRegistrationAccessToken();
    registrationClientUri1 = response.getRegistrationClientUri();
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)818 Test (org.testng.annotations.Test)808 Parameters (org.testng.annotations.Parameters)807 BaseTest (io.jans.as.client.BaseTest)730 RegisterResponse (io.jans.as.client.RegisterResponse)675 ResponseType (io.jans.as.model.common.ResponseType)664 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)571 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)456 Claim (io.jans.as.client.model.authorize.Claim)413 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)337 RegisterClient (io.jans.as.client.RegisterClient)315 RegisterRequest (io.jans.as.client.RegisterRequest)315 JSONObject (org.json.JSONObject)182 TokenRequest (io.jans.as.client.TokenRequest)170 TokenResponse (io.jans.as.client.TokenResponse)160 TokenClient (io.jans.as.client.TokenClient)151 Jwt (io.jans.as.model.jwt.Jwt)128 JwkClient (io.jans.as.client.JwkClient)100 JwkResponse (io.jans.as.client.JwkResponse)100 UserInfoClient (io.jans.as.client.UserInfoClient)93