use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RegisterRequestMapperTest method testRegisterRequestMapper.
/**
 * Round-trip check for RegisterRequestMapper: builds an Rp with createRp(), maps it to a
 * RegisterRequest with createRegisterRequest(), then maps that request back into a fresh Rp
 * with fillRp(), asserting after each step that the mapped fields equal the source Rp's.
 *
 * NOTE(review): the signing/encryption algorithm names asserted here (HS256, RSA1_5,
 * A128CBC_PLUS_HS256) are whatever createRp() puts in the fixture. The test shows that the
 * mapper carries them through unchanged; it does not show that they are validated or that
 * they are a suitable choice for a production client registration.
 *
 * NOTE(review): createRp() also sets tokenEndpointAuthSigningAlg and the single redirectUri,
 * but no assertion below reads either one, so a mapper that dropped them would still pass.
 *
 * @throws IOException presumably from the Jackson2 serialize/readTree calls used in the list comparisons
 */
@Test
public void testRegisterRequestMapper() throws IOException {
// Step 1: Rp -> RegisterRequest (createRegisterRequest)
Rp rp = createRp();
RegisterRequest request = RegisterRequestMapper.createRegisterRequest(rp);
// Collection-valued fields are compared as JSON trees: each side is serialized with
// serializeWithoutNulls and re-parsed with readTree before assertEquals.
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getClaimsRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getClaimsRedirectUri())));
// The next three compare against enum constants; createRp() sets the matching strings.
assertEquals(request.getIdTokenSignedResponseAlg(), SignatureAlgorithm.HS256);
assertEquals(request.getIdTokenEncryptedResponseAlg(), KeyEncryptionAlgorithm.RSA1_5);
assertEquals(request.getUserInfoEncryptedResponseEnc(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertEquals(request.getClientName(), rp.getClientName());
assertEquals(request.getApplicationType().toString(), rp.getApplicationType());
assertEquals(request.getTokenEndpointAuthMethod(), AuthenticationMethod.CLIENT_SECRET_BASIC);
// rp stores grant types as strings; they are converted with GrantType.fromString before comparing.
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getGrantTypes())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getGrantType().stream().map(item -> GrantType.fromString(item)).collect(Collectors.toList()))));
assertEquals(request.getFrontChannelLogoutUri(), rp.getFrontChannelLogoutUri());
// Same field as the CLIENT_SECRET_BASIC enum check above, this time through toString().
assertEquals(request.getTokenEndpointAuthMethod().toString(), rp.getTokenEndpointAuthMethod());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getRequestUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getRequestUris())));
assertEquals(request.getSectorIdentifierUri().toString(), rp.getSectorIdentifierUri());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getRedirectUris())));
assertEquals(request.getAccessTokenAsJwt(), rp.getAccessTokenAsJwt());
assertEquals(request.getAccessTokenSigningAlg().toString(), rp.getAccessTokenSigningAlg());
assertEquals(request.getRptAsJwt(), rp.getRptAsJwt());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getResponseTypes())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getResponseTypes())));
// request.getDefaultAcrValues() is compared with rp.getAcrValues(); the accessor names differ.
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getDefaultAcrValues())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getAcrValues())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getContacts())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getContacts())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getPostLogoutRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getPostLogoutRedirectUris())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getScope())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getScope())));
assertEquals(request.getLogoUri(), rp.getLogoUri());
assertEquals(request.getClientUri(), rp.getClientUri());
assertEquals(request.getPolicyUri(), rp.getPolicyUri());
assertEquals(request.getFrontChannelLogoutSessionRequired(), rp.getFrontChannelLogoutSessionRequired());
assertEquals(request.getTosUri(), rp.getTosUri());
assertEquals(request.getJwks(), rp.getJwks());
// request.getIdTokenTokenBindingCnf() is compared with rp.getIdTokenBindingCnf(); the accessor names differ.
assertEquals(request.getIdTokenTokenBindingCnf(), rp.getIdTokenBindingCnf());
assertEquals(request.getTlsClientAuthSubjectDn(), rp.getTlsClientAuthSubjectDn());
assertEquals(request.getSubjectType().toString(), rp.getSubjectType());
assertEquals(request.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(), rp.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
// Algorithm fields: the request side is rendered with toString() and compared with the
// string the Rp holds.
assertEquals(request.getIdTokenSignedResponseAlg().toString(), rp.getIdTokenSignedResponseAlg());
assertEquals(request.getIdTokenEncryptedResponseAlg().toString(), rp.getIdTokenEncryptedResponseAlg());
assertEquals(request.getIdTokenEncryptedResponseEnc().toString(), rp.getIdTokenEncryptedResponseEnc());
assertEquals(request.getUserInfoSignedResponseAlg().toString(), rp.getUserInfoSignedResponseAlg());
assertEquals(request.getUserInfoEncryptedResponseAlg().toString(), rp.getUserInfoEncryptedResponseAlg());
assertEquals(request.getUserInfoEncryptedResponseEnc().toString(), rp.getUserInfoEncryptedResponseEnc());
assertEquals(request.getRequestObjectSigningAlg().toString(), rp.getRequestObjectSigningAlg());
assertEquals(request.getRequestObjectEncryptionAlg().toString(), rp.getRequestObjectEncryptionAlg());
assertEquals(request.getRequestObjectEncryptionEnc().toString(), rp.getRequestObjectEncryptionEnc());
assertEquals(request.getDefaultMaxAge(), rp.getDefaultMaxAge());
assertEquals(request.getRequireAuthTime(), rp.getRequireAuthTime());
assertEquals(request.getInitiateLoginUri(), rp.getInitiateLoginUri());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getAuthorizedOrigins())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getAuthorizedOrigins())));
assertEquals(request.getAccessTokenLifetime(), rp.getAccessTokenLifetime());
assertEquals(request.getSoftwareId(), rp.getSoftwareId());
assertEquals(request.getSoftwareVersion(), rp.getSoftwareVersion());
assertEquals(request.getSoftwareStatement(), rp.getSoftwareStatement());
// request.getJwksUri() is compared with rp.getClientJwksUri(); the accessor names differ.
assertEquals(request.getJwksUri(), rp.getClientJwksUri());
// Repeats the claimsRedirectUris comparison made at the start of this step.
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(request.getClaimsRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getClaimsRedirectUri())));
// Step 2: RegisterRequest -> fresh Rp (fillRp); the result is compared with the original Rp.
Rp newRp = new Rp();
RegisterRequestMapper.fillRp(newRp, request);
assertEquals(newRp.getClientName(), rp.getClientName());
assertEquals(newRp.getApplicationType(), rp.getApplicationType());
assertEquals(newRp.getTokenEndpointAuthMethod(), rp.getTokenEndpointAuthMethod());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getGrantType())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getGrantType())));
assertEquals(newRp.getFrontChannelLogoutUri(), rp.getFrontChannelLogoutUri());
// tokenEndpointAuthMethod is compared a second time here, through toString() on the newRp side.
assertEquals(newRp.getTokenEndpointAuthMethod().toString(), rp.getTokenEndpointAuthMethod());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getRequestUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getRequestUris())));
assertEquals(newRp.getSectorIdentifierUri(), rp.getSectorIdentifierUri());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getRedirectUris())));
assertEquals(newRp.getAccessTokenAsJwt(), rp.getAccessTokenAsJwt());
assertEquals(newRp.getAccessTokenSigningAlg(), rp.getAccessTokenSigningAlg());
assertEquals(newRp.getRptAsJwt(), rp.getRptAsJwt());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getResponseTypes())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getResponseTypes())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getAcrValues())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getAcrValues())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getContacts())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getContacts())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getPostLogoutRedirectUris())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getPostLogoutRedirectUris())));
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getScope())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getScope())));
assertEquals(newRp.getLogoUri(), rp.getLogoUri());
assertEquals(newRp.getClientUri(), rp.getClientUri());
assertEquals(newRp.getPolicyUri(), rp.getPolicyUri());
assertEquals(newRp.getFrontChannelLogoutSessionRequired(), rp.getFrontChannelLogoutSessionRequired());
assertEquals(newRp.getTosUri(), rp.getTosUri());
assertEquals(newRp.getJwks(), rp.getJwks());
assertEquals(newRp.getIdTokenBindingCnf(), rp.getIdTokenBindingCnf());
assertEquals(newRp.getTlsClientAuthSubjectDn(), rp.getTlsClientAuthSubjectDn());
assertEquals(newRp.getSubjectType(), rp.getSubjectType());
assertEquals(newRp.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(), rp.getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims());
// Algorithm fields after the round trip: both sides are the Rp's own string form.
assertEquals(newRp.getIdTokenSignedResponseAlg(), rp.getIdTokenSignedResponseAlg());
assertEquals(newRp.getIdTokenEncryptedResponseAlg(), rp.getIdTokenEncryptedResponseAlg());
assertEquals(newRp.getIdTokenEncryptedResponseEnc(), rp.getIdTokenEncryptedResponseEnc());
assertEquals(newRp.getUserInfoSignedResponseAlg(), rp.getUserInfoSignedResponseAlg());
assertEquals(newRp.getUserInfoEncryptedResponseAlg(), rp.getUserInfoEncryptedResponseAlg());
assertEquals(newRp.getUserInfoEncryptedResponseEnc(), rp.getUserInfoEncryptedResponseEnc());
assertEquals(newRp.getRequestObjectSigningAlg(), rp.getRequestObjectSigningAlg());
assertEquals(newRp.getRequestObjectEncryptionAlg(), rp.getRequestObjectEncryptionAlg());
assertEquals(newRp.getRequestObjectEncryptionEnc(), rp.getRequestObjectEncryptionEnc());
assertEquals(newRp.getDefaultMaxAge(), rp.getDefaultMaxAge());
assertEquals(newRp.getRequireAuthTime(), rp.getRequireAuthTime());
assertEquals(newRp.getInitiateLoginUri(), rp.getInitiateLoginUri());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getAuthorizedOrigins())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getAuthorizedOrigins())));
assertEquals(newRp.getAccessTokenLifetime(), rp.getAccessTokenLifetime());
assertEquals(newRp.getSoftwareId(), rp.getSoftwareId());
assertEquals(newRp.getSoftwareVersion(), rp.getSoftwareVersion());
assertEquals(newRp.getSoftwareStatement(), rp.getSoftwareStatement());
assertEquals(newRp.getClientJwksUri(), rp.getClientJwksUri());
assertEquals(Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(newRp.getClaimsRedirectUri())), Jackson2.createRpMapper().readTree(Jackson2.serializeWithoutNulls(rp.getClaimsRedirectUri())));
}
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RegisterRequestMapperTest method createRp.
/**
 * Builds the Rp fixture used by the mapper test: a new Rp with every setter below called
 * once with a fixed sample value.
 *
 * NOTE(review): the algorithm names (HS256, RSA1_5, A128CBC_PLUS_HS256), the JWKS string and
 * the TLS subject DN are sample data for exercising field mapping. Nothing in this method
 * validates them, and they should not be read as recommended registration settings.
 *
 * @return the populated Rp
 */
public Rp createRp() {
    // Literals that several setters share.
    final String hmacSha256 = "HS256";
    final String rsaKeyWrap = "RSA1_5";
    final String sampleRequestUri = "https://client.example.org/requestUri";
    final String sampleSoftwareKey = "4NRB1-0XZABZI9E6-5SM3R";

    final Rp fixture = new Rp();

    // Client identity and token endpoint authentication.
    fixture.setClientName("clientName");
    fixture.setApplicationType("web");
    fixture.setTokenEndpointAuthSigningAlg(hmacSha256);
    fixture.setGrantType(Lists.newArrayList(
            GrantType.AUTHORIZATION_CODE.getValue(),
            GrantType.OXAUTH_UMA_TICKET.getValue(),
            GrantType.CLIENT_CREDENTIALS.getValue()));
    fixture.setFrontChannelLogoutUri("https://client.example.org/logout");
    fixture.setTokenEndpointAuthMethod("client_secret_basic");

    // Redirect and request URIs.
    fixture.setRequestUris(Lists.newArrayList(sampleRequestUri));
    fixture.setSectorIdentifierUri("https://client.example.org/identifierUri");
    fixture.setRedirectUris(Lists.newArrayList("https://client.example.org/redirectUri"));
    fixture.setRedirectUri("https://client.example.org/redirectUri");

    // Token format options.
    fixture.setAccessTokenAsJwt(true);
    fixture.setAccessTokenSigningAlg(hmacSha256);
    fixture.setRptAsJwt(true);

    // Protocol lists.
    fixture.setResponseTypes(Lists.newArrayList("code"));
    fixture.setAcrValues(Lists.newArrayList("basic"));
    fixture.setContacts(Lists.newArrayList("contact"));
    fixture.setPostLogoutRedirectUris(Lists.newArrayList("https://client.example.org/postLogoutUri"));
    fixture.setScope(Lists.newArrayList("openid"));

    // Informational URIs and logout behaviour.
    fixture.setLogoUri("https://client.example.org/logoutUri");
    fixture.setClientUri("https://client.example.org/clientUri");
    fixture.setPolicyUri("https://client.example.org/policyUri");
    fixture.setFrontChannelLogoutSessionRequired(true);
    fixture.setTosUri("https://client.example.org/tosUri");

    // Key material and binding: placeholder values, not a real JWK set or certificate DN.
    fixture.setJwks("{\"key1\": \"value1\", \"key2\": \"value2\"}");
    fixture.setIdTokenBindingCnf(sampleSoftwareKey);
    fixture.setTlsClientAuthSubjectDn("www.test.com");
    fixture.setSubjectType("pairwise");
    fixture.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(true);

    // Signing / encryption settings for id_token, userinfo and request objects.
    final String contentEncryption = BlockEncryptionAlgorithm.A128CBC_PLUS_HS256.toString();
    fixture.setIdTokenSignedResponseAlg(hmacSha256);
    fixture.setIdTokenEncryptedResponseAlg(rsaKeyWrap);
    fixture.setIdTokenEncryptedResponseEnc(contentEncryption);
    fixture.setUserInfoSignedResponseAlg(hmacSha256);
    fixture.setUserInfoEncryptedResponseAlg(rsaKeyWrap);
    fixture.setUserInfoEncryptedResponseEnc(contentEncryption);
    fixture.setRequestObjectSigningAlg(hmacSha256);
    fixture.setRequestObjectEncryptionAlg(rsaKeyWrap);
    fixture.setRequestObjectEncryptionEnc(contentEncryption);

    // Session, origin and software metadata.
    fixture.setDefaultMaxAge(1000);
    fixture.setRequireAuthTime(true);
    fixture.setInitiateLoginUri("https://client.example.org/identifierUri");
    fixture.setAuthorizedOrigins(Lists.newArrayList(sampleRequestUri));
    fixture.setAccessTokenLifetime(1000);
    fixture.setSoftwareId(sampleSoftwareKey);
    fixture.setSoftwareVersion("2.0");
    fixture.setSoftwareStatement("software name");
    fixture.setClientJwksUri("https://client.example.org/jwksUri");
    fixture.setClaimsRedirectUri(Lists.newArrayList(sampleRequestUri));

    return fixture;
}
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class UpdateSiteTest method update.
/**
 * Registers a site, updates it through updateSite, and checks after each step that the
 * stored Rp reports the expected single redirect URI and ACR values.
 *
 * NOTE(review): only the successful, authorized update is exercised here. No call in this
 * method sends updateSite without the authorization value or with another client's, and the
 * updated scope ("profile") is sent but never asserted afterwards.
 *
 * @param host   test parameter passed to Tester.newClient and fetchRp
 * @param opHost test parameter set as the OP host on the registration request
 * @throws IOException declared by the test; the throwing call is not identifiable from this method alone
 */
@Parameters({ "host", "opHost" })
@Test
public void update(String host, String opHost) throws IOException {
    final String primaryRedirect = "https://client.example.com/cb";
    final String secondaryRedirect = "https://client.example.com/another";
    final String logoutRedirect = "https://client.example.com/logout";

    // Registration request.
    final RegisterSiteParams registration = new RegisterSiteParams();
    registration.setOpHost(opHost);
    registration.setClientFrontchannelLogoutUri(logoutRedirect);
    registration.setRedirectUris(Lists.newArrayList(primaryRedirect, secondaryRedirect, logoutRedirect));
    registration.setAcrValues(Lists.newArrayList("basic"));
    registration.setScope(Lists.newArrayList("openid", "profile"));
    registration.setGrantTypes(Lists.newArrayList("authorization_code"));
    registration.setResponseTypes(Lists.newArrayList("code"));
    // Second setAcrValues call on the same params; the assertion after registration
    // expects only "acrBefore".
    registration.setAcrValues(Lists.newArrayList("acrBefore"));

    final RegisterSiteResponse registered = Tester.newClient(host).registerSite(registration);
    assertNotNull(registered);
    assertNotNull(registered.getRpId());
    final String registeredRpId = registered.getRpId();

    // State before the update: the first entry of the redirect URI list is expected as the
    // Rp's single redirect URI.
    final Rp beforeUpdate = fetchRp(host, registered);
    assertEquals(primaryRedirect, beforeUpdate.getRedirectUri());
    assertEquals(Lists.newArrayList("acrBefore"), beforeUpdate.getAcrValues());

    // Update request, addressed to the Rp that was just registered.
    final UpdateSiteParams changes = new UpdateSiteParams();
    changes.setRpId(registeredRpId);
    changes.setRedirectUris(Lists.newArrayList(secondaryRedirect));
    changes.setScope(Lists.newArrayList("profile"));
    changes.setAcrValues(Lists.newArrayList("acrAfter"));

    // The first argument comes from Tester.getAuthorization(registered); the meaning of the
    // null second argument is not visible in this method.
    final UpdateSiteResponse updated = Tester.newClient(host)
            .updateSite(Tester.getAuthorization(registered), null, changes);
    assertNotNull(updated);

    // State after the update.
    final Rp afterUpdate = fetchRp(host, registered);
    assertEquals(secondaryRedirect, afterUpdate.getRedirectUri());
    assertEquals(Lists.newArrayList("acrAfter"), afterUpdate.getAcrValues());
}
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RsProtectTest method protect_withResourceCreationExpiration.
/**
 * Registers a site, protects the resources described by the rsProtectWithCreationExpiration
 * parameter, then reads the Rp back from persistenceService and checks the iat and exp of
 * every stored UMA-protected resource against two fixed values.
 *
 * NOTE(review): the assertions run inside forEach, so if getUmaProtectedResources() returns
 * an empty collection nothing is asserted and the test still passes. A size or non-empty
 * check before the loop would close that gap.
 *
 * @param host                            test parameter passed to Tester.newClient
 * @param redirectUrls                    test parameter forwarded to RegisterSiteTest.registerSite
 * @param opHost                          test parameter forwarded to RegisterSiteTest.registerSite
 * @param rsProtectWithCreationExpiration test parameter parsed by UmaFullTest.resourceList
 * @throws IOException declared by the test; the throwing call is not identifiable from this method alone
 */
@Parameters({ "host", "redirectUrls", "opHost", "rsProtectWithCreationExpiration" })
@Test
public void protect_withResourceCreationExpiration(String host, String redirectUrls, String opHost, String rsProtectWithCreationExpiration) throws IOException {
    // Presumably these match the iat/exp carried in the rsProtectWithCreationExpiration
    // input; that input is not visible here.
    final long expectedIat = 1582890956L;
    final long expectedExp = 2079299799L;

    final ClientInterface apiClient = Tester.newClient(host);
    final RegisterSiteResponse registeredSite = RegisterSiteTest.registerSite(apiClient, opHost, redirectUrls);
    protectResources(apiClient, registeredSite, UmaFullTest.resourceList(rsProtectWithCreationExpiration).getResources());

    final Rp storedRp = persistenceService.getRp(registeredSite.getRpId());
    storedRp.getUmaProtectedResources().forEach(resource -> {
        assertEquals(expectedIat, resource.getIat().longValue());
        assertEquals(expectedExp, resource.getExp().longValue());
    });
}
use of io.jans.ca.server.service.Rp in project jans by JanssenProject.
the class RestResource method validateAuthorizationRpId.
/**
 * Validates the rp_id supplied in the AuthorizationRpId header.
 *
 * Order of checks:
 * 1. A null or empty value returns immediately; nothing is validated.
 * 2. The value must resolve, through RpSyncService.getRp, to an Rp with a non-empty rp_id;
 *    otherwise AUTHORIZATION_RP_ID_NOT_FOUND is thrown.
 * 3. If conf.getProtectCommandsWithRpId() is null or empty, any registered rp_id is accepted.
 * 4. Otherwise the value must be contained in that list, or INVALID_AUTHORIZATION_RP_ID is thrown.
 *
 * NOTE(review): step 1 means an absent header passes this method. Whether a missing header is
 * rejected somewhere else is not visible here; confirm at the call site.
 * NOTE(review): both rejections are logged at debug level only and without the rejected
 * value, so they will not appear in logs unless debug logging is enabled.
 *
 * @param conf              server configuration; only getProtectCommandsWithRpId() is read
 * @param AuthorizationRpId rp_id taken from the AuthorizationRpId header, may be null or empty
 * @throws HttpException if the rp_id is not registered, or is not in the configured list
 */
private static void validateAuthorizationRpId(RpServerConfiguration conf, String AuthorizationRpId) {
    if (Strings.isNullOrEmpty(AuthorizationRpId)) {
        return;
    }

    // The header value must name an Rp this server knows about.
    final Rp registeredRp = ServerLauncher.getInjector()
            .getInstance(RpSyncService.class)
            .getRp(AuthorizationRpId);
    final boolean isRegistered = registeredRp != null && !Strings.isNullOrEmpty(registeredRp.getRpId());
    if (!isRegistered) {
        LOG.debug("`rp_id` in `AuthorizationRpId` header is not registered in jans_client_api.");
        throw new HttpException(ErrorResponseCode.AUTHORIZATION_RP_ID_NOT_FOUND);
    }

    // The list is enforced only when it has been configured with at least one entry.
    final boolean listConfigured = conf.getProtectCommandsWithRpId() != null
            && !conf.getProtectCommandsWithRpId().isEmpty();
    if (listConfigured && !conf.getProtectCommandsWithRpId().contains(AuthorizationRpId)) {
        LOG.debug("`rp_id` in `AuthorizationRpId` header is invalid. The `AuthorizationRpId` header should contain `rp_id` from `protect_commands_with_rp_id` field in client-api-server.yml.");
        throw new HttpException(ErrorResponseCode.INVALID_AUTHORIZATION_RP_ID);
    }
}