Example 56 with Jwt
use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.
the class VerifiesCorrectAtHashWhenImplicitFlowUsed method verifiesCorrectAtHashWhenImplicitFlowUsed.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void verifiesCorrectAtHashWhenImplicitFlowUsed(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("OC5:FeatureTest-Verifies Correct at hash when Implicit Flow Used");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation());
assertNotNull(authorizationResponse.getAccessToken());
assertNotNull(authorizationResponse.getTokenType());
assertNotNull(authorizationResponse.getIdToken());
assertNotNull(authorizationResponse.getState());
String accessToken = authorizationResponse.getAccessToken();
String idToken = authorizationResponse.getIdToken();
// 3. Validate access_token and id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
assertTrue(rsaSigner.validateAccessToken(accessToken, jwt));
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
Jwt(io.jans.as.model.jwt.Jwt)
RSASigner(io.jans.as.model.jws.RSASigner)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 57 with Jwt
use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.
the class AccessTokenAsJwtHttpTest method accessTokenAsJwt.
/**
* Test for the complete Authorization Code Flow.
*/
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void accessTokenAsJwt(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("accessTokenAsJwt");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN, ResponseType.TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
RegisterResponse registerResponse = registerClient(redirectUri, responseTypes, scopes);
String clientId = registerResponse.getClientId();
// Request authorization and receive the authorization code.
String nonce = UUID.randomUUID().toString();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
String accessToken = authorizationResponse.getAccessToken();
// Validate access token as jwt
Jwt jwt = Jwt.parse(accessToken);
assertEquals(clientId, jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString("scope"));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
}
Also used :
RegisterResponse(io.jans.as.client.RegisterResponse)
Jwt(io.jans.as.model.jwt.Jwt)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 58 with Jwt
use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.
the class AddressClaimsTest method authorizationRequestRS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri", "RS256_keyId", "clientJwksUri" })
@Test
public void authorizationRequestRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri, final String keyId, final String clientJwksUri) throws Exception {
showTitle("authorizationRequestRS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS256);
registerRequest.setUserInfoSignedResponseAlg(SignatureAlgorithm.RS256);
registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
registerRequest.addCustomAttribute("jansInclClaimsInIdTkn", "true");
registerRequest.setJwksUri(clientJwksUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
// 2. Request authorization
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "address");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.RS256, cryptoProvider);
jwtAuthorizationRequest.setKeyId(keyId);
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
authorizationRequest.setRequest(authJwt);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertAuthorizationResponse(authorizationResponse, responseTypes, true);
String idToken = authorizationResponse.getIdToken();
String accessToken = authorizationResponse.getAccessToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, true);
assertJwtAddressClaimsNotNull(jwt);
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
// 4. Request user info
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setRequest(userInfoRequest);
userInfoClient.setJwksUri(jwksUri);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertUserInfoBasicResponseOk(userInfoResponse, 200);
assertUserInfoAddressNotNull(userInfoResponse);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoRequest(io.jans.as.client.UserInfoRequest)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Claim(io.jans.as.client.model.authorize.Claim)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 59 with Jwt
use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.
the class ClientAuthenticationByAccessTokenHttpTest method requestAccessTokenCustomClientAuth1.
@Parameters({ "userId", "userSecret" })
@Test(dependsOnMethods = "requestClientRegistrationWithCustomAttributes")
public void requestAccessTokenCustomClientAuth1(final String userId, final String userSecret) throws Exception {
showTitle("requestAccessTokenCustomClientAuth1");
// 1. Request authorization and receive the authorization code.
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, REDIRECT_URI, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setExecutor(clientEngine(true));
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The code is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 2. Validate code and id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
// 3. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(REDIRECT_URI);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setExecutor(clientEngine(true));
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
userAccessToken = tokenResponse.getAccessToken();
}
Also used :
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
TokenResponse(io.jans.as.client.TokenResponse)
Jwt(io.jans.as.model.jwt.Jwt)
TokenRequest(io.jans.as.client.TokenRequest)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
TokenClient(io.jans.as.client.TokenClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 60 with Jwt
use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.
the class AuthorizationResponse method processLocation.
private void processLocation() {
try {
if (StringUtils.isNotBlank(location)) {
Map<String, String> params = null;
int fragmentIndex = location.indexOf("#");
if (fragmentIndex != -1) {
String fragment = location.substring(fragmentIndex + 1);
params = QueryStringDecoder.decode(fragment);
if (params.containsKey("response")) {
responseMode = ResponseMode.FRAGMENT_JWT;
} else {
responseMode = ResponseMode.FRAGMENT;
}
} else {
int queryStringIndex = location.indexOf("?");
if (queryStringIndex != -1) {
String queryString = location.substring(queryStringIndex + 1);
params = QueryStringDecoder.decode(queryString);
if (params.containsKey("response")) {
responseMode = ResponseMode.QUERY_JWT;
} else {
responseMode = ResponseMode.QUERY;
}
}
}
if (params != null) {
if (params.containsKey(RESPONSE)) {
response = params.get(RESPONSE);
params.remove(RESPONSE);
String[] jwtParts = response.split("\\.");
if (jwtParts.length == 5) {
byte[] sharedSymmetricKey = sharedKey != null ? sharedKey.getBytes(StandardCharsets.UTF_8) : null;
Jwe jwe = Jwe.parse(response, privateKey, sharedSymmetricKey);
if (jwe != null) {
for (Map.Entry<String, List<String>> entry : jwe.getClaims().toMap().entrySet()) {
params.put(entry.getKey(), entry.getValue().get(0));
}
}
} else {
Jwt jwt = Jwt.parse(response);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
boolean signatureVerified = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), jwt.getHeader().getKeyId(), JwtUtil.getJSONWebKeys(jwksUri), sharedKey, jwt.getHeader().getSignatureAlgorithm());
if (signatureVerified) {
for (Map.Entry<String, List<String>> entry : jwt.getClaims().toMap().entrySet()) {
params.put(entry.getKey(), entry.getValue().get(0));
}
}
}
}
loadParams(params);
}
}
} catch (Exception e) {
LOG.error(e.getMessage(), e);
}
}
Also used :
Jwt(io.jans.as.model.jwt.Jwt)
JSONException(org.json.JSONException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Jwe(io.jans.as.model.jwe.Jwe)
List(java.util.List)
HashMap(java.util.HashMap)
Map(java.util.Map)
AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider)
Aggregations
Jwt (io.jans.as.model.jwt.Jwt)295
Test (org.testng.annotations.Test)249
Parameters (org.testng.annotations.Parameters)231
BaseTest (io.jans.as.client.BaseTest)210
ResponseType (io.jans.as.model.common.ResponseType)189
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)171
RegisterResponse (io.jans.as.client.RegisterResponse)167
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)161
RegisterClient (io.jans.as.client.RegisterClient)156
RegisterRequest (io.jans.as.client.RegisterRequest)156
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)128
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)101
RSASigner (io.jans.as.model.jws.RSASigner)100
AuthorizeClient (io.jans.as.client.AuthorizeClient)92
JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)88
JSONObject (org.json.JSONObject)85
UserInfoClient (io.jans.as.client.UserInfoClient)79
UserInfoResponse (io.jans.as.client.UserInfoResponse)79
Claim (io.jans.as.client.model.authorize.Claim)46
UserInfoRequest (io.jans.as.client.UserInfoRequest)42
