Use of javax.ws.rs.core.HttpHeaders.USER_AGENT in project ddf by codice.
Class TestOidc, method testCodeFlowLogin.
// --------------------------Code Flow Tests--------------------------//
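/**
 * Exercises a successful OIDC authorization code flow login against the stub server.
 *
 * <p>Steps: send the initial request and check the authorization request parameters, register a
 * token endpoint stub, post the temporary code and the original {@code state} to the redirect
 * URI, then verify that the token endpoint was called exactly once and that the session belongs
 * to the admin user. The session is logged out at the end.
 *
 * @throws Exception if any helper used by the test fails
 */
@Test
public void testCodeFlowLogin() throws Exception {
  Map<String, String> initialResponseParams = sendInitialRequest(CODE);

  // Parameters of the authorization request
  assertThat(initialResponseParams.get(SCOPE), is(DDF_SCOPE));
  assertThat(initialResponseParams.get(RESPONSE_TYPE), is(CODE));
  assertThat(initialResponseParams.get(CLIENT_ID), is(DDF_CLIENT_ID));
  assertTrue(initialResponseParams.containsKey(REDIRECT_URI));

  // recommended by spec
  assertTrue(initialResponseParams.containsKey(STATE));

  // optional but sent in DDF
  assertTrue(initialResponseParams.containsKey(RESPONSE_MODE));

  // optional but sent in DDF
  assertTrue(initialResponseParams.containsKey(NONCE));

  // Add token endpoint information to stub server.
  // The stub only answers when the request carries HTTP Basic client credentials, the temporary
  // code and grant_type=authorization_code, so a token request without client authentication
  // would not match it.
  String clientCredentials = DDF_CLIENT_ID + ":" + DDF_CLIENT_SECRET;
  String basicAuthHeader =
      "Basic "
          + java.util.Base64.getEncoder()
              .encodeToString(clientCredentials.getBytes(StandardCharsets.UTF_8));

  // The ID token echoes the nonce from the initial request.
  // NOTE(review): presumably DDF compares this nonce with the one it issued; confirm in the
  // handler under test.
  String validIdToken =
      getBaseIdTokenBuilder()
          .withClaim(NONCE, initialResponseParams.get(NONCE))
          .sign(validAlgorithm);
  String validAccessToken = createAccessToken(true);
  String tokenEndpointResponse = createTokenEndpointResponse(validIdToken, validAccessToken);

  whenHttp(server)
      .match(
          post(TOKEN_ENDPOINT_PATH),
          parameter(CODE, TEMPORARY_CODE),
          parameter("grant_type", "authorization_code"),
          withHeader(AUTHORIZATION, basicAuthHeader))
      .then(
          ok(),
          contentType(APPLICATION_JSON),
          // Explicit charset: the platform default is not guaranteed to be UTF-8, and the
          // Basic header above is already encoded as UTF-8.
          bytesContent(tokenEndpointResponse.getBytes(StandardCharsets.UTF_8)));

  // Respond to request after user logged in with the temporary code.
  // The state value from the initial request is sent back unchanged, and redirects are not
  // followed so the 200 status check applies to this response itself.
  given()
      .cookie(JSESSIONID, initialResponseParams.get(JSESSIONID))
      .header(USER_AGENT, BROWSER_USER_AGENT)
      .header(HOST, "localhost:" + HTTPS_PORT.getPort())
      .header("Origin", URL_START.toString())
      .param(CODE, TEMPORARY_CODE)
      .param(STATE, initialResponseParams.get(STATE))
      .redirects()
      .follow(false)
      .expect()
      .statusCode(200)
      .when()
      .post(initialResponseParams.get(REDIRECT_URI));

  // Verify that the stub server was hit exactly once at the token endpoint
  List<Call> tokenEndpointCalls =
      server.getCalls().stream()
          .filter(call -> call.getUrl().equals(URL_START + TOKEN_ENDPOINT_PATH))
          .collect(Collectors.toList());
  assertThat(tokenEndpointCalls.size(), is(1));

  // Verify that we're logged in as admin
  Map<String, Object> userInfoList = getUserInfo(initialResponseParams.get(JSESSIONID));
  assertThat(userInfoList.get("name"), is(ADMIN));

  logout(initialResponseParams.get(JSESSIONID));
}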