
Example 1 with DPoP

use of io.jans.as.model.jwt.DPoP in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_PS384.

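/**
 * Exercises the authorization-code flow with DPoP proofs signed using PS384.
 *
 * <p>Sequence: dynamic client registration, authorization request, token request carrying a
 * DPoP proof, thumbprint confirmation on the access token (directly and via introspection),
 * then a refresh-token request carrying a second proof.
 *
 * @param userId              resource-owner login used for the authorization request
 * @param userSecret          resource-owner password used for the authorization request
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to registration
 * @param clientJwksUri       JWKS URI passed to registration
 * @param keyId               key-store alias of the PS384 proof key
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        path of the key store holding the proof key
 * @param keyStoreSecret      key-store password
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "PS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_PS384(final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri,
        final String keyId, final String dnName, final String keyStoreFile,
        final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_PS384");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than sun.security.rsa.RSAPublicKeyImpl: the
    // sun.* class is JDK-internal and ties the test to one security provider. The name is
    // fully qualified so the block does not depend on an extra import.
    java.security.interfaces.RSAPublicKey publicKey =
            (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // The JWK embedded in the proof is built from public parameters only (kty, n, e).
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.PS384, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    // NOTE(review): helper is defined elsewhere; presumably it checks that the token is bound
    // to jwkThumbprint - confirm against the helper.
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)); the second proof gets its own jti, so the
    // first proof is never replayed.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.PS384, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}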
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 2 with DPoP

use of io.jans.as.model.jwt.DPoP in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_PS256.

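/**
 * Exercises the authorization-code flow with DPoP proofs signed using PS256.
 *
 * <p>Sequence: dynamic client registration, authorization request, token request carrying a
 * DPoP proof, thumbprint confirmation on the access token (directly and via introspection),
 * then a refresh-token request carrying a second proof.
 *
 * @param userId              resource-owner login used for the authorization request
 * @param userSecret          resource-owner password used for the authorization request
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to registration
 * @param clientJwksUri       JWKS URI passed to registration
 * @param keyId               key-store alias of the PS256 proof key
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        path of the key store holding the proof key
 * @param keyStoreSecret      key-store password
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_PS256(final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri,
        final String keyId, final String dnName, final String keyStoreFile,
        final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_PS256");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than sun.security.rsa.RSAPublicKeyImpl: the
    // sun.* class is JDK-internal and ties the test to one security provider. The name is
    // fully qualified so the block does not depend on an extra import.
    java.security.interfaces.RSAPublicKey publicKey =
            (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // The JWK embedded in the proof is built from public parameters only (kty, n, e).
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.PS256, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    // NOTE(review): helper is defined elsewhere; presumably it checks that the token is bound
    // to jwkThumbprint - confirm against the helper.
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)); the second proof gets its own jti, so the
    // first proof is never replayed.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.PS256, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}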
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with DPoP

use of io.jans.as.model.jwt.DPoP in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_RS512.

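/**
 * Exercises the authorization-code flow with DPoP proofs signed using RS512.
 *
 * <p>Sequence: dynamic client registration, authorization request, token request carrying a
 * DPoP proof, thumbprint confirmation on the access token (directly and via introspection),
 * then a refresh-token request carrying a second proof.
 *
 * @param userId              resource-owner login used for the authorization request
 * @param userSecret          resource-owner password used for the authorization request
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to registration
 * @param clientJwksUri       JWKS URI passed to registration
 * @param keyId               key-store alias of the RS512 proof key
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        path of the key store holding the proof key
 * @param keyStoreSecret      key-store password
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_RS512(final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri,
        final String keyId, final String dnName, final String keyStoreFile,
        final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_RS512");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than sun.security.rsa.RSAPublicKeyImpl: the
    // sun.* class is JDK-internal and ties the test to one security provider. The name is
    // fully qualified so the block does not depend on an extra import.
    java.security.interfaces.RSAPublicKey publicKey =
            (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // The JWK embedded in the proof is built from public parameters only (kty, n, e).
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.RS512, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    // NOTE(review): helper is defined elsewhere; presumably it checks that the token is bound
    // to jwkThumbprint - confirm against the helper.
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)); the second proof gets its own jti, so the
    // first proof is never replayed.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.RS512, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}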
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 4 with DPoP

use of io.jans.as.model.jwt.DPoP in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_ES384.

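/**
 * Exercises the authorization-code flow with DPoP proofs signed using ES384.
 *
 * <p>Sequence: dynamic client registration, authorization request, token request carrying a
 * DPoP proof, thumbprint confirmation on the access token (directly and via introspection),
 * then a refresh-token request carrying a second proof.
 *
 * @param userId              resource-owner login used for the authorization request
 * @param userSecret          resource-owner password used for the authorization request
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to registration
 * @param clientJwksUri       JWKS URI passed to registration
 * @param keyId               key-store alias of the ES384 proof key
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        path of the key store holding the proof key
 * @param keyStoreSecret      key-store password
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_ES384(final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri,
        final String keyId, final String dnName, final String keyStoreFile,
        final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_ES384");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than sun.security.ec.ECPublicKeyImpl: the
    // sun.* class is JDK-internal and ties the test to one security provider. The name is
    // fully qualified so the block does not depend on an extra import.
    java.security.interfaces.ECPublicKey publicKey =
            (java.security.interfaces.ECPublicKey) cryptoProvider.getPublicKey(keyId);
    // The JWK embedded in the proof is built from public parameters only (kty, x, y, crv).
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.EC);
    jsonWebKey.setX(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineX()));
    jsonWebKey.setY(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineY()));
    // The curve is set by hand and must match the key stored under keyId.
    jsonWebKey.setCrv(EllipticEdvardsCurve.P_384);
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.ES384, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    // NOTE(review): helper is defined elsewhere; presumably it checks that the token is bound
    // to jwkThumbprint - confirm against the helper.
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)); the second proof gets its own jti, so the
    // first proof is never replayed.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.ES384, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}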
Also used : ECPublicKeyImpl(sun.security.ec.ECPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 5 with DPoP

use of io.jans.as.model.jwt.DPoP in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_ES256.

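/**
 * Exercises the authorization-code flow with DPoP proofs signed using ES256.
 *
 * <p>Sequence: dynamic client registration, authorization request, token request carrying a
 * DPoP proof, thumbprint confirmation on the access token (directly and via introspection),
 * then a refresh-token request carrying a second proof.
 *
 * @param userId              resource-owner login used for the authorization request
 * @param userSecret          resource-owner password used for the authorization request
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to registration
 * @param clientJwksUri       JWKS URI passed to registration
 * @param keyId               key-store alias of the ES256 proof key
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        path of the key store holding the proof key
 * @param keyStoreSecret      key-store password
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_ES256(final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri,
        final String keyId, final String dnName, final String keyStoreFile,
        final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_ES256");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than sun.security.ec.ECPublicKeyImpl: the
    // sun.* class is JDK-internal and ties the test to one security provider. The name is
    // fully qualified so the block does not depend on an extra import.
    java.security.interfaces.ECPublicKey publicKey =
            (java.security.interfaces.ECPublicKey) cryptoProvider.getPublicKey(keyId);
    // The JWK embedded in the proof is built from public parameters only (kty, x, y, crv).
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.EC);
    jsonWebKey.setX(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineX()));
    jsonWebKey.setY(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineY()));
    // The curve is set by hand and must match the key stored under keyId.
    jsonWebKey.setCrv(EllipticEdvardsCurve.P_256);
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.ES256, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    // NOTE(review): helper is defined elsewhere; presumably it checks that the token is bound
    // to jwkThumbprint - confirm against the helper.
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)); the second proof gets its own jti, so the
    // first proof is never replayed.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.ES256, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}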
Also used : ECPublicKeyImpl(sun.security.ec.ECPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

BaseTest (io.jans.as.client.BaseTest)9 TokenResponse (io.jans.as.client.TokenResponse)9 ResponseType (io.jans.as.model.common.ResponseType)9 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)9 JSONWebKey (io.jans.as.model.jwk.JSONWebKey)9 DPoP (io.jans.as.model.jwt.DPoP)9 Parameters (org.testng.annotations.Parameters)9 Test (org.testng.annotations.Test)9 RSAPublicKeyImpl (sun.security.rsa.RSAPublicKeyImpl)6 ECPublicKeyImpl (sun.security.ec.ECPublicKeyImpl)3