Examples with Jwe io.jans.as.model.jwe.Jwe used on opensource projects

Search in sources :

Example 46 with Jwe

use of io.jans.as.model.jwe.Jwe in project jans by JanssenProject.

the class AddressClaimsTest method authorizationRequestAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA_OAEP_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.addCustomAttribute("jansInclClaimsInIdTkn", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 4. Validate id_token
    PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertJweStandarClaimsNotNull(jwe, true);
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 5. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setPrivateKey(privateKey);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertUserInfoBasicResponseOk(userInfoResponse, 200);
    assertUserInfoAddressNotNull(userInfoResponse);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) PrivateKey(java.security.PrivateKey) UserInfoRequest(io.jans.as.client.UserInfoRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) UserInfoResponse(io.jans.as.client.UserInfoResponse) AuthorizeClient(io.jans.as.client.AuthorizeClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 47 with Jwe

use of io.jans.as.model.jwe.Jwe in project jans by JanssenProject.

the class AddressClaimsTest method authorizationRequestAlgRSA15EncA256CBCPLUSHS512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA1_5_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgRSA15EncA256CBCPLUSHS512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.addCustomAttribute("jansInclClaimsInIdTkn", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 4. Validate id_token
    PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertJweStandarClaimsNotNull(jwe, true);
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 5. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setPrivateKey(privateKey);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertUserInfoBasicResponseOk(userInfoResponse, 200);
    assertUserInfoAddressNotNull(userInfoResponse);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) PrivateKey(java.security.PrivateKey) UserInfoRequest(io.jans.as.client.UserInfoRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) UserInfoResponse(io.jans.as.client.UserInfoResponse) AuthorizeClient(io.jans.as.client.AuthorizeClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 48 with Jwe

use of io.jans.as.model.jwe.Jwe in project jans by JanssenProject.

the class AddressClaimsTest method authorizationRequestAlgA256KWEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgA256KWEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgA256KWEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A256KW);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.A256KW);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.addCustomAttribute("jansInclClaimsInIdTkn", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.A256KW, BlockEncryptionAlgorithm.A256GCM, clientSecret);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 3. Validate id_token
    Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(StandardCharsets.UTF_8));
    assertJweStandarClaimsNotNull(jwe, true);
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 4. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setSharedKey(clientSecret);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertUserInfoBasicResponseOk(userInfoResponse, 200);
    assertUserInfoAddressNotNull(userInfoResponse);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) UserInfoRequest(io.jans.as.client.UserInfoRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) UserInfoResponse(io.jans.as.client.UserInfoResponse) AuthorizeClient(io.jans.as.client.AuthorizeClient) Claim(io.jans.as.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 49 with Jwe

use of io.jans.as.model.jwe.Jwe in project jans by JanssenProject.

the class BackchannelAuthenticationPushMode method idTokenHintAlgRSA15EncA128CBCPLUSHS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri", "clientJwksUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret" })
@Test
public void idTokenHintAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("idTokenHintAlgRSA15EncA128CBCPLUSHS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Collections.singletonList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertJweStandarClaimsNotNull(jwe, true);
    idTokenHintAlgRSA15EncA128CBCPLUSHS256 = idToken;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) PrivateKey(java.security.PrivateKey) BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) Jwe(io.jans.as.model.jwe.Jwe) AuthorizeClient(io.jans.as.client.AuthorizeClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 50 with Jwe

use of io.jans.as.model.jwe.Jwe in project jans by JanssenProject.

the class AddressClaimsTest method authorizationRequestAlgA128KWEncA128GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgA128KWEncA128GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.A128KW);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A128GCM);
    registerRequest.addCustomAttribute("jansInclClaimsInIdTkn", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, clientSecret);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 3. Validate id_token
    Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(StandardCharsets.UTF_8));
    assertJweStandarClaimsNotNull(jwe, true);
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 4. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setSharedKey(clientSecret);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertUserInfoBasicResponseOk(userInfoResponse, 200);
    assertUserInfoAddressNotNull(userInfoResponse);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) UserInfoRequest(io.jans.as.client.UserInfoRequest) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) UserInfoResponse(io.jans.as.client.UserInfoResponse) AuthorizeClient(io.jans.as.client.AuthorizeClient) Claim(io.jans.as.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

Jwe (io.jans.as.model.jwe.Jwe)83 Parameters (org.testng.annotations.Parameters)70 Test (org.testng.annotations.Test)68 ResponseType (io.jans.as.model.common.ResponseType)62 BaseTest (io.jans.as.client.BaseTest)51 RegisterClient (io.jans.as.client.RegisterClient)51 RegisterRequest (io.jans.as.client.RegisterRequest)51 RegisterResponse (io.jans.as.client.RegisterResponse)51 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)50 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)46 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)46 JSONObject (org.json.JSONObject)40 AuthorizeClient (io.jans.as.client.AuthorizeClient)36 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)36 PrivateKey (java.security.PrivateKey)35 UserInfoClient (io.jans.as.client.UserInfoClient)20 UserInfoResponse (io.jans.as.client.UserInfoResponse)20 Jwt (io.jans.as.model.jwt.Jwt)20 AuthorizeErrorResponseType (io.jans.as.model.authorize.AuthorizeErrorResponseType)16 UserInfoRequest (io.jans.as.client.UserInfoRequest)15
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial