Example 1 with RSAPublicKey
use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method idTokenHintRS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintRS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS256);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintRS256 = idToken;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 2 with RSAPublicKey
use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method idTokenHintPS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintPS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintPS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS384);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS384, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintPS384 = idToken;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 3 with RSAPublicKey
use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.
the class BackchannelAuthenticationPollMode method requestBackchannelAuthentication.
public String requestBackchannelAuthentication(final String userId, final String clientId, final String clientSecret, final String backchannelUserCode) throws Exception {
// Authentication Request
String bindingMessage = RandomStringUtils.randomAlphanumeric(6);
String clientNotificationToken = UUID.randomUUID().toString();
BackchannelAuthenticationRequest backchannelAuthenticationRequest = new BackchannelAuthenticationRequest();
backchannelAuthenticationRequest.setScope(Arrays.asList("openid", "profile", "email", "address", "phone"));
backchannelAuthenticationRequest.setLoginHint(userId);
backchannelAuthenticationRequest.setClientNotificationToken(clientNotificationToken);
backchannelAuthenticationRequest.setUserCode(backchannelUserCode);
backchannelAuthenticationRequest.setRequestedExpiry(1200);
backchannelAuthenticationRequest.setAcrValues(Arrays.asList("auth_ldap_server", "basic"));
backchannelAuthenticationRequest.setBindingMessage(bindingMessage);
backchannelAuthenticationRequest.setAuthUsername(clientId);
backchannelAuthenticationRequest.setAuthPassword(clientSecret);
BackchannelAuthenticationClient backchannelAuthenticationClient = new BackchannelAuthenticationClient(backchannelAuthenticationEndpoint);
backchannelAuthenticationClient.setRequest(backchannelAuthenticationRequest);
BackchannelAuthenticationResponse backchannelAuthenticationResponse = backchannelAuthenticationClient.exec();
showClient(backchannelAuthenticationClient);
assertBackchannelAuthentication(backchannelAuthenticationResponse, true);
String authReqId = backchannelAuthenticationResponse.getAuthReqId();
// Token Request Using CIBA Grant Type
TokenResponse tokenResponse = null;
int pollCount = 0;
do {
Thread.sleep(5000);
TokenRequest tokenRequest = new TokenRequest(GrantType.CIBA);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthReqId(authReqId);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
tokenResponse = tokenClient.exec();
showClient(tokenClient);
pollCount++;
} while (tokenResponse.getStatus() == 400 && pollCount < 5);
assertTokenResponseOk(tokenResponse, false);
String accessToken = tokenResponse.getAccessToken();
String idToken = tokenResponse.getIdToken();
// Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
assertNotNull(userInfoResponse.getClaim(JwtClaimName.WEBSITE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.BIRTHDATE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GENDER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PROFILE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PREFERRED_USERNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.MIDDLE_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.UPDATED_AT));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PHONE_NUMBER));
// Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
return sub;
}
Also used :
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
TokenResponse(io.jans.as.client.TokenResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
BackchannelAuthenticationResponse(io.jans.as.client.BackchannelAuthenticationResponse)
BackchannelAuthenticationClient(io.jans.as.client.BackchannelAuthenticationClient)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
BackchannelAuthenticationRequest(io.jans.as.client.BackchannelAuthenticationRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
TokenClient(io.jans.as.client.TokenClient)
Example 4 with RSAPublicKey
use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method idTokenHintRS384.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS384(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintRS384");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintRS384 = idToken;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 5 with RSAPublicKey
use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.
the class BackchannelAuthenticationPingMode method idTokenHintPS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintPS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintPS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Collections.singletonList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintPS256 = idToken;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Aggregations
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)115
RSASigner (io.jans.as.model.jws.RSASigner)106
Jwt (io.jans.as.model.jwt.Jwt)100
Test (org.testng.annotations.Test)94
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)92
BaseTest (io.jans.as.client.BaseTest)90
RegisterResponse (io.jans.as.client.RegisterResponse)90
ResponseType (io.jans.as.model.common.ResponseType)90
Parameters (org.testng.annotations.Parameters)89
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)86
RegisterClient (io.jans.as.client.RegisterClient)83
RegisterRequest (io.jans.as.client.RegisterRequest)83
AuthorizeClient (io.jans.as.client.AuthorizeClient)53
UserInfoClient (io.jans.as.client.UserInfoClient)49
UserInfoResponse (io.jans.as.client.UserInfoResponse)49
JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)40
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)25
TokenClient (io.jans.as.client.TokenClient)24
TokenResponse (io.jans.as.client.TokenResponse)24
Claim (io.jans.as.client.model.authorize.Claim)24
