Search in sources :

Example 86 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method jwtStateHS384Test.

@Test
public void jwtStateHS384Test() throws Exception {
    showTitle("jwtStateHS384Test");
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
    String sharedKey = "shared_key";
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.HS384, sharedKey, cryptoProvider);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Signed JWS State: " + encodedState);
    Jwt jwt = Jwt.parse(encodedState);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, sharedKey, SignatureAlgorithm.HS384);
    assertTrue(validJwt);
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 87 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterHS256.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void encodeClaimsInStateParameterHS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("encodeClaimsInStateParameterHS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Validate state
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, clientSecret, SignatureAlgorithm.HS256);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 88 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method jwtStateRS256Test.

@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId" })
@Test
public void jwtStateRS256Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("jwtStateRS256Test");
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.RS256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Signed JWS State: " + encodedState);
    Jwt jwt = Jwt.parse(encodedState);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS256);
    assertTrue(validJwt);
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 89 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterES512.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "ES512_keyId" })
@Test
public void encodeClaimsInStateParameterES512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("encodeClaimsInStateParameterES512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.ES512, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Validate state
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.ES512);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 90 with Jwt

use of io.jans.as.model.jwt.Jwt in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterPS256.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "PS256_keyId" })
@Test
public void encodeClaimsInStateParameterPS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("encodeClaimsInStateParameterPS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.PS256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Validate state
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.PS256);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

Jwt (io.jans.as.model.jwt.Jwt)295 Test (org.testng.annotations.Test)249 Parameters (org.testng.annotations.Parameters)231 BaseTest (io.jans.as.client.BaseTest)210 ResponseType (io.jans.as.model.common.ResponseType)189 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)171 RegisterResponse (io.jans.as.client.RegisterResponse)167 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)161 RegisterClient (io.jans.as.client.RegisterClient)156 RegisterRequest (io.jans.as.client.RegisterRequest)156 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)128 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)101 RSASigner (io.jans.as.model.jws.RSASigner)100 AuthorizeClient (io.jans.as.client.AuthorizeClient)92 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)88 JSONObject (org.json.JSONObject)85 UserInfoClient (io.jans.as.client.UserInfoClient)79 UserInfoResponse (io.jans.as.client.UserInfoResponse)79 Claim (io.jans.as.client.model.authorize.Claim)46 UserInfoRequest (io.jans.as.client.UserInfoRequest)42