Search in sources :

Example 1 with AUTHORIZATION

use of javax.ws.rs.core.HttpHeaders.AUTHORIZATION in project ddf by codice.

the class TestOidc method testCodeFlowLogin.

// --------------------------Code Flow Tests--------------------------//
@Test
public void testCodeFlowLogin() throws Exception {
    Map<String, String> initialResponseParams = sendInitialRequest(CODE);
    assertThat(initialResponseParams.get(SCOPE), is(DDF_SCOPE));
    assertThat(initialResponseParams.get(RESPONSE_TYPE), is(CODE));
    assertThat(initialResponseParams.get(CLIENT_ID), is(DDF_CLIENT_ID));
    assertTrue(initialResponseParams.containsKey(REDIRECT_URI));
    // recommended by spec
    assertTrue(initialResponseParams.containsKey(STATE));
    // optional but sent in DDF
    assertTrue(initialResponseParams.containsKey(RESPONSE_MODE));
    // optional but sent in DDF
    assertTrue(initialResponseParams.containsKey(NONCE));
    // Add token endpoint information to stub server
    String basicAuthHeader = "Basic " + java.util.Base64.getEncoder().encodeToString((DDF_CLIENT_ID + ":" + DDF_CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
    String validIdToken = getBaseIdTokenBuilder().withClaim(NONCE, initialResponseParams.get(NONCE)).sign(validAlgorithm);
    String validAccessToken = createAccessToken(true);
    String tokenEndpointResponse = createTokenEndpointResponse(validIdToken, validAccessToken);
    whenHttp(server).match(post(TOKEN_ENDPOINT_PATH), parameter(CODE, TEMPORARY_CODE), parameter("grant_type", "authorization_code"), withHeader(AUTHORIZATION, basicAuthHeader)).then(ok(), contentType(APPLICATION_JSON), bytesContent(tokenEndpointResponse.getBytes()));
    // Respond to request after user logged in with the temporary code
    Response searchResponse = given().cookie(JSESSIONID, initialResponseParams.get(JSESSIONID)).header(USER_AGENT, BROWSER_USER_AGENT).header(HOST, "localhost:" + HTTPS_PORT.getPort()).header("Origin", URL_START.toString()).param(CODE, TEMPORARY_CODE).param(STATE, initialResponseParams.get(STATE)).redirects().follow(false).expect().statusCode(200).when().post(initialResponseParams.get(REDIRECT_URI));
    // Verify that the stub server was hit
    List<Call> tokenEndpointCalls = server.getCalls().stream().filter(call -> call.getUrl().equals(URL_START + TOKEN_ENDPOINT_PATH)).collect(Collectors.toList());
    assertThat(tokenEndpointCalls.size(), is(1));
    // Verify that we're logged in as admin
    Map<String, Object> userInfoList = getUserInfo(initialResponseParams.get(JSESSIONID));
    assertThat(userInfoList.get("name"), is(ADMIN));
    logout(initialResponseParams.get(JSESSIONID));
}
Also used : Response(io.restassured.response.Response) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) StubServer(com.xebialabs.restito.server.StubServer) GET(javax.ws.rs.HttpMethod.GET) Enumeration(java.util.Enumeration) Date(java.util.Date) PREFERRED_USERNAME(org.pac4j.oidc.profile.OidcProfileDefinition.PREFERRED_USERNAME) HttpStatus(org.apache.http.HttpStatus) GsonBuilder(com.google.gson.GsonBuilder) Algorithm(com.auth0.jwt.algorithms.Algorithm) NONCE(org.pac4j.oidc.profile.OidcProfileDefinition.NONCE) RSAPublicKey(java.security.interfaces.RSAPublicKey) Gson(com.google.gson.Gson) Duration(java.time.Duration) Map(java.util.Map) Base64URL(com.nimbusds.jose.util.Base64URL) AbstractIntegrationTest(org.codice.ddf.itests.common.AbstractIntegrationTest) URI(java.net.URI) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) KeyPairGenerator(java.security.KeyPairGenerator) Awaitility.await(org.awaitility.Awaitility.await) ImmutableMap(com.google.common.collect.ImmutableMap) JWTCreator(com.auth0.jwt.JWTCreator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Condition.parameter(com.xebialabs.restito.semantics.Condition.parameter) UUID(java.util.UUID) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) JWK(com.nimbusds.jose.jwk.JWK) StandardCharsets(java.nio.charset.StandardCharsets) HOST(javax.ws.rs.core.HttpHeaders.HOST) PerSuite(org.ops4j.pax.exam.spi.reactors.PerSuite) List(java.util.List) JSONObject(org.json.simple.JSONObject) Action.bytesContent(com.xebialabs.restito.semantics.Action.bytesContent) KeyUse(com.nimbusds.jose.jwk.KeyUse) URLEncodedUtils(org.apache.http.client.utils.URLEncodedUtils) SECURE_ROOT(org.codice.ddf.itests.common.AbstractIntegrationTest.DynamicUrl.SECURE_ROOT) Action.ok(com.xebialabs.restito.semantics.Action.ok) RestAssured.given(io.restassured.RestAssured.given) Matchers.is(org.hamcrest.Matchers.is) Condition.withHeader(com.xebialabs.restito.semantics.Condition.withHeader) AfterExam(org.codice.ddf.test.common.annotations.AfterExam) NameValuePair(org.apache.http.NameValuePair) Dictionary(java.util.Dictionary) StubHttp.whenHttp(com.xebialabs.restito.builder.stub.StubHttp.whenHttp) PaxExam(org.ops4j.pax.exam.junit.PaxExam) JWT(com.auth0.jwt.JWT) Call(com.xebialabs.restito.semantics.Call) MessageDigest(java.security.MessageDigest) RunWith(org.junit.runner.RunWith) BeforeExam(org.codice.ddf.test.common.annotations.BeforeExam) AZP(org.pac4j.oidc.profile.OidcProfileDefinition.AZP) REFRESH_TOKEN(org.pac4j.oidc.profile.OidcProfileDefinition.REFRESH_TOKEN) LOCATION(javax.ws.rs.core.HttpHeaders.LOCATION) Condition.post(com.xebialabs.restito.semantics.Condition.post) ImmutableList(com.google.common.collect.ImmutableList) Configuration(org.osgi.service.cm.Configuration) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Condition.get(com.xebialabs.restito.semantics.Condition.get) AUTHORIZATION(javax.ws.rs.core.HttpHeaders.AUTHORIZATION) GsonTypeAdapters(org.codice.gsonsupport.GsonTypeAdapters) Hashtable(java.util.Hashtable) Before(org.junit.Before) Matchers.greaterThanOrEqualTo(org.hamcrest.Matchers.greaterThanOrEqualTo) PublicClaims(com.auth0.jwt.impl.PublicClaims) Assert.assertTrue(org.junit.Assert.assertTrue) AUTH_TIME(org.pac4j.oidc.profile.OidcProfileDefinition.AUTH_TIME) Test(org.junit.Test) USER_AGENT(javax.ws.rs.core.HttpHeaders.USER_AGENT) EMAIL_VERIFIED(org.pac4j.oidc.profile.OidcProfileDefinition.EMAIL_VERIFIED) TimeUnit(java.util.concurrent.TimeUnit) ExamReactorStrategy(org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy) RSAKey(com.nimbusds.jose.jwk.RSAKey) Response(io.restassured.response.Response) Action.contentType(com.xebialabs.restito.semantics.Action.contentType) ACCESS_TOKEN(org.pac4j.oidc.profile.OidcProfileDefinition.ACCESS_TOKEN) LoggingUtils(org.codice.ddf.test.common.LoggingUtils) Call(com.xebialabs.restito.semantics.Call) JSONObject(org.json.simple.JSONObject) AbstractIntegrationTest(org.codice.ddf.itests.common.AbstractIntegrationTest) Test(org.junit.Test)

Example 2 with AUTHORIZATION

use of javax.ws.rs.core.HttpHeaders.AUTHORIZATION in project ddf by codice.

the class TestOidc method processCredentialFlow.

/**
 * Processes a credential flow request/response
 *
 * <ul>
 *   <li>Sets up a userinfo endpoint that responds with the given {@param userInfoResponse} when
 *       given {@param accessToken}
 *   <li>Sends a request to Intrigue with the {@param accessToken} as a parameter
 *   <li>Asserts that the response is teh expected response
 *   <li>Verifies if the userinfo endpoint is hit or not
 * </ul>
 *
 * @return the response for additional verification
 */
private Response processCredentialFlow(String accessToken, String userInfoResponse, boolean isSigned, int expectedStatusCode, boolean userInfoShouldBeHit) {
    // Host the user info endpoint with the access token in the auth header
    String basicAuthHeader = "Bearer " + accessToken;
    String contentType = isSigned ? "application/jwt" : APPLICATION_JSON;
    whenHttp(server).match(get(USER_INFO_ENDPOINT_PATH), withHeader(AUTHORIZATION, basicAuthHeader)).then(ok(), contentType(contentType), bytesContent(userInfoResponse.getBytes()));
    // Send a request to DDF with the access token
    Response response = given().redirects().follow(false).expect().statusCode(expectedStatusCode).when().get(ROOT_URL.getUrl() + "?access_token=" + accessToken);
    List<Call> endpointCalls = server.getCalls().stream().filter(call -> call.getMethod().getMethodString().equals(GET)).filter(call -> call.getUrl().equals(URL_START + USER_INFO_ENDPOINT_PATH)).collect(Collectors.toList());
    if (userInfoShouldBeHit) {
        assertThat(endpointCalls.size(), is(greaterThanOrEqualTo(1)));
    } else {
        assertThat(endpointCalls.size(), is(0));
    }
    return response;
}
Also used : Response(io.restassured.response.Response) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) StubServer(com.xebialabs.restito.server.StubServer) GET(javax.ws.rs.HttpMethod.GET) Enumeration(java.util.Enumeration) Date(java.util.Date) PREFERRED_USERNAME(org.pac4j.oidc.profile.OidcProfileDefinition.PREFERRED_USERNAME) HttpStatus(org.apache.http.HttpStatus) GsonBuilder(com.google.gson.GsonBuilder) Algorithm(com.auth0.jwt.algorithms.Algorithm) NONCE(org.pac4j.oidc.profile.OidcProfileDefinition.NONCE) RSAPublicKey(java.security.interfaces.RSAPublicKey) Gson(com.google.gson.Gson) Duration(java.time.Duration) Map(java.util.Map) Base64URL(com.nimbusds.jose.util.Base64URL) AbstractIntegrationTest(org.codice.ddf.itests.common.AbstractIntegrationTest) URI(java.net.URI) APPLICATION_JSON(javax.ws.rs.core.MediaType.APPLICATION_JSON) KeyPairGenerator(java.security.KeyPairGenerator) Awaitility.await(org.awaitility.Awaitility.await) ImmutableMap(com.google.common.collect.ImmutableMap) JWTCreator(com.auth0.jwt.JWTCreator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Condition.parameter(com.xebialabs.restito.semantics.Condition.parameter) UUID(java.util.UUID) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) JWK(com.nimbusds.jose.jwk.JWK) StandardCharsets(java.nio.charset.StandardCharsets) HOST(javax.ws.rs.core.HttpHeaders.HOST) PerSuite(org.ops4j.pax.exam.spi.reactors.PerSuite) List(java.util.List) JSONObject(org.json.simple.JSONObject) Action.bytesContent(com.xebialabs.restito.semantics.Action.bytesContent) KeyUse(com.nimbusds.jose.jwk.KeyUse) URLEncodedUtils(org.apache.http.client.utils.URLEncodedUtils) SECURE_ROOT(org.codice.ddf.itests.common.AbstractIntegrationTest.DynamicUrl.SECURE_ROOT) Action.ok(com.xebialabs.restito.semantics.Action.ok) RestAssured.given(io.restassured.RestAssured.given) Matchers.is(org.hamcrest.Matchers.is) Condition.withHeader(com.xebialabs.restito.semantics.Condition.withHeader) AfterExam(org.codice.ddf.test.common.annotations.AfterExam) NameValuePair(org.apache.http.NameValuePair) Dictionary(java.util.Dictionary) StubHttp.whenHttp(com.xebialabs.restito.builder.stub.StubHttp.whenHttp) PaxExam(org.ops4j.pax.exam.junit.PaxExam) JWT(com.auth0.jwt.JWT) Call(com.xebialabs.restito.semantics.Call) MessageDigest(java.security.MessageDigest) RunWith(org.junit.runner.RunWith) BeforeExam(org.codice.ddf.test.common.annotations.BeforeExam) AZP(org.pac4j.oidc.profile.OidcProfileDefinition.AZP) REFRESH_TOKEN(org.pac4j.oidc.profile.OidcProfileDefinition.REFRESH_TOKEN) LOCATION(javax.ws.rs.core.HttpHeaders.LOCATION) Condition.post(com.xebialabs.restito.semantics.Condition.post) ImmutableList(com.google.common.collect.ImmutableList) Configuration(org.osgi.service.cm.Configuration) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Condition.get(com.xebialabs.restito.semantics.Condition.get) AUTHORIZATION(javax.ws.rs.core.HttpHeaders.AUTHORIZATION) GsonTypeAdapters(org.codice.gsonsupport.GsonTypeAdapters) Hashtable(java.util.Hashtable) Before(org.junit.Before) Matchers.greaterThanOrEqualTo(org.hamcrest.Matchers.greaterThanOrEqualTo) PublicClaims(com.auth0.jwt.impl.PublicClaims) Assert.assertTrue(org.junit.Assert.assertTrue) AUTH_TIME(org.pac4j.oidc.profile.OidcProfileDefinition.AUTH_TIME) Test(org.junit.Test) USER_AGENT(javax.ws.rs.core.HttpHeaders.USER_AGENT) EMAIL_VERIFIED(org.pac4j.oidc.profile.OidcProfileDefinition.EMAIL_VERIFIED) TimeUnit(java.util.concurrent.TimeUnit) ExamReactorStrategy(org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy) RSAKey(com.nimbusds.jose.jwk.RSAKey) Response(io.restassured.response.Response) Action.contentType(com.xebialabs.restito.semantics.Action.contentType) ACCESS_TOKEN(org.pac4j.oidc.profile.OidcProfileDefinition.ACCESS_TOKEN) LoggingUtils(org.codice.ddf.test.common.LoggingUtils) Call(com.xebialabs.restito.semantics.Call)

Aggregations

JWT (com.auth0.jwt.JWT)2 JWTCreator (com.auth0.jwt.JWTCreator)2 Algorithm (com.auth0.jwt.algorithms.Algorithm)2 PublicClaims (com.auth0.jwt.impl.PublicClaims)2 ImmutableList (com.google.common.collect.ImmutableList)2 ImmutableMap (com.google.common.collect.ImmutableMap)2 Gson (com.google.gson.Gson)2 GsonBuilder (com.google.gson.GsonBuilder)2 JWK (com.nimbusds.jose.jwk.JWK)2 KeyUse (com.nimbusds.jose.jwk.KeyUse)2 RSAKey (com.nimbusds.jose.jwk.RSAKey)2 Base64URL (com.nimbusds.jose.util.Base64URL)2 StubHttp.whenHttp (com.xebialabs.restito.builder.stub.StubHttp.whenHttp)2 Action.bytesContent (com.xebialabs.restito.semantics.Action.bytesContent)2 Action.contentType (com.xebialabs.restito.semantics.Action.contentType)2 Action.ok (com.xebialabs.restito.semantics.Action.ok)2 Call (com.xebialabs.restito.semantics.Call)2 Condition.get (com.xebialabs.restito.semantics.Condition.get)2 Condition.parameter (com.xebialabs.restito.semantics.Condition.parameter)2 Condition.post (com.xebialabs.restito.semantics.Condition.post)2