
Example 61 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

Class GenerateMTLSCertificateFromJWKs, method evaluate.

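/**
 * Builds a self-signed X.509 certificate for the first key in {@code client_jwks} and
 * stores it, together with the matching private key, as {@code mutual_tls_authentication}.
 *
 * <p>The resulting object carries two base64 strings: {@code cert} (the DER-encoded
 * certificate) and {@code key} (the private key in its default encoding, typically PKCS#8).
 * Subject and issuer are both {@code cn=<client_name>}, the certificate is signed with the
 * JWK's own private key, and it is valid for one year from the time of generation.
 *
 * @param env environment holding {@code client_jwks} (a JWK set object) and the string
 *            {@code client_name}
 * @return the same environment with {@code mutual_tls_authentication} added
 */
@Override
@PreEnvironment(required = "client_jwks", strings = "client_name")
@PostEnvironment(required = "mutual_tls_authentication")
public Environment evaluate(Environment env) {
    JWKSet jwks;
    try {
        jwks = JWKSet.parse(env.getObject("client_jwks").toString());
    } catch (ParseException e) {
        throw error("Failed to parse JWKs", e);
    }
    // Guard before get(0): an empty key set would otherwise surface as an
    // IndexOutOfBoundsException rather than a descriptive condition failure.
    if (jwks.getKeys().isEmpty()) {
        throw error("client_jwks does not contain any keys");
    }
    JWK jwk = jwks.getKeys().get(0);
    KeyPair keyPair = toKeyPair(jwk);
    String clientName = env.getString("client_name");

    // Validity window: from now until one year later.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now);
    Calendar calendar = Calendar.getInstance();
    calendar.setTime(notBefore);
    calendar.add(Calendar.YEAR, 1);
    Date notAfter = calendar.getTime();

    // Self-signed: subject and issuer are identical and the JWK's private key signs below.
    // The generation timestamp doubles as the serial number.
    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setSerialNumber(BigInteger.valueOf(now));
    certGen.setSubjectDN(new X500Principal("cn=" + clientName));
    certGen.setIssuerDN(new X500Principal("cn=" + clientName));
    certGen.setNotBefore(notBefore);
    certGen.setNotAfter(notAfter);
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm(getSigningAlgorithm(jwk));
    // Critical BasicConstraints with cA=true: the certificate asserts itself as a CA.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
    X509Certificate cert;
    try {
        cert = certGen.generate(keyPair.getPrivate(), "BC");
    } catch (CertificateEncodingException | InvalidKeyException | IllegalStateException | NoSuchProviderException | NoSuchAlgorithmException | SignatureException e) {
        throw error("Failed to generate certificate", e);
    }

    JsonObject mtls = new JsonObject();
    try {
        mtls.addProperty("cert", Base64.getEncoder().encodeToString(cert.getEncoded()));
    } catch (CertificateEncodingException e) {
        throw error("Error encoding certificate", e);
    }
    mtls.addProperty("key", Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));
    env.putObject("mutual_tls_authentication", mtls);
    // NOTE(review): the logged object includes the base64 private key as well as the
    // certificate; confirm the log sink is an acceptable place for this key material.
    logSuccess("Generated client MTLS certificate", args("mutual_tls_authentication", mtls));
    return env;
}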
Also used : KeyPair(java.security.KeyPair) Calendar(java.util.Calendar) JsonObject(com.google.gson.JsonObject) CertificateEncodingException(java.security.cert.CertificateEncodingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) X509V3CertificateGenerator(org.bouncycastle.x509.X509V3CertificateGenerator) JWKSet(com.nimbusds.jose.jwk.JWKSet) X500Principal(javax.security.auth.x500.X500Principal) ParseException(java.text.ParseException) NoSuchProviderException(java.security.NoSuchProviderException) BasicConstraints(org.bouncycastle.asn1.x509.BasicConstraints) JWK(com.nimbusds.jose.jwk.JWK) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 62 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

Class GetDynamicServerConfiguration, method evaluate.

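/**
 * Fetches the server's OpenID Connect discovery document and stores it as {@code server}.
 *
 * <p>The discovery URL is taken from {@code config.server.discoveryUrl}; when that is absent
 * it is derived from {@code config.server.discoveryIssuer} by appending
 * {@code /.well-known/openid-configuration}. The raw HTTP response is recorded as
 * {@code discovery_endpoint_response} before the body is parsed, so a parse failure still
 * leaves the response available for inspection. A static {@code config.server.issuer}
 * is rejected because it conflicts with dynamic discovery.
 *
 * @param env environment holding the {@code config} object
 * @return the same environment with {@code server} and {@code discovery_endpoint_response} added
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = { "server", "discovery_endpoint_response" })
public Environment evaluate(Environment env) {
    if (!env.containsObject("config")) {
        throw error("Couldn't find a configuration");
    }
    // Dynamic discovery and a static issuer are mutually exclusive configurations.
    String staticIssuer = env.getString("config", "server.issuer");
    if (!Strings.isNullOrEmpty(staticIssuer)) {
        throw error("Test set to use dynamic server configuration but test configuration contains static server configuration", args("issuer", staticIssuer));
    }
    String discoveryUrl = env.getString("config", "server.discoveryUrl");
    if (Strings.isNullOrEmpty(discoveryUrl)) {
        // No explicit URL: validate the issuer before building the URL from it.
        String iss = env.getString("config", "server.discoveryIssuer");
        if (Strings.isNullOrEmpty(iss)) {
            throw error("Couldn't find discoveryUrl or discoveryIssuer field for discovery purposes");
        }
        // Plain concatenation: an issuer with a trailing slash yields a double slash here.
        discoveryUrl = iss + "/.well-known/openid-configuration";
    }
    // discoveryUrl is non-empty on every path that reaches this point.

    String jsonString;
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        ResponseEntity<String> response = restTemplate.exchange(discoveryUrl, HttpMethod.GET, null, String.class);
        // Record the raw response first so it survives any failure while parsing the body.
        JsonObject responseInfo = convertResponseForEnvironment("discovery", response);
        env.putObject("discovery_endpoint_response", responseInfo);
        jsonString = response.getBody();
    } catch (UnrecoverableKeyException | KeyManagementException | CertificateException | InvalidKeySpecException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
        throw error("Error creating HTTP client", e);
    } catch (RestClientException e) {
        String msg = "Unable to fetch server configuration from " + discoveryUrl;
        if (e.getCause() != null) {
            msg += " - " + e.getCause().getMessage();
        }
        throw error(msg, e);
    }

    if (Strings.isNullOrEmpty(jsonString)) {
        throw error("empty server configuration");
    }
    try {
        // getAsJsonObject() throws IllegalStateException when the document parses but is
        // not a JSON object (e.g. an array); report that as a condition failure too.
        JsonObject serverConfig = JsonParser.parseString(jsonString).getAsJsonObject();
        logSuccess("Successfully parsed server configuration", serverConfig);
        env.putObject("server", serverConfig);
        return env;
    } catch (JsonSyntaxException | IllegalStateException e) {
        throw error(e, args("json", jsonString));
    }
}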
Also used : JsonObject(com.google.gson.JsonObject) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) JsonSyntaxException(com.google.gson.JsonSyntaxException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RestTemplate(org.springframework.web.client.RestTemplate) RestClientException(org.springframework.web.client.RestClientException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 63 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

Class GetStaticClient2Configuration, method evaluate.

/**
 * Copies the statically configured second client ({@code config.client2}) into the
 * environment as {@code client2}.
 *
 * @param env environment holding the {@code config} object
 * @return the same environment with {@code client2} added
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "client2")
public Environment evaluate(Environment env) {
    if (!env.containsObject("config")) {
        throw error("Couldn't find a configuration");
    }
    JsonElement client2Element = env.getElementFromObject("config", "client2");
    // The second client must be present and must be a JSON object.
    boolean isClientObject = client2Element != null && client2Element.isJsonObject();
    if (!isClientObject) {
        throw error("Definition for client2 not present in supplied configuration");
    }
    env.putObject("client2", client2Element.getAsJsonObject());
    logSuccess("Found a static second client object", client2Element.getAsJsonObject());
    return env;
}
Also used : JsonElement(com.google.gson.JsonElement) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 64 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

Class GetStaticClientConfiguration, method evaluate.

/**
 * Copies the statically configured client ({@code config.client}) into the environment as
 * {@code client} and exposes its {@code client_id} as a root-level string.
 *
 * <p>The client object is stored before {@code client_id} is validated, so a failed
 * {@code client_id} check still leaves {@code client} in the environment.
 *
 * @param env environment holding the {@code config} object
 * @return the same environment with {@code client} and the string {@code client_id} added
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "client", strings = "client_id")
public Environment evaluate(Environment env) {
    JsonElement clientEl = env.getElementFromObject("config", "client");
    if (clientEl == null || !clientEl.isJsonObject()) {
        throw error("As static client was selected, the test configuration must contain a client configuration");
    }
    JsonObject clientConfig = clientEl.getAsJsonObject();
    env.putObject("client", clientConfig);

    // client_id must exist and must be a JSON string primitive.
    JsonElement clientIdEl = clientConfig.get("client_id");
    if (clientIdEl == null) {
        throw error("As static client was selected, the test configuration must contain a client_id");
    }
    boolean isStringValue = clientIdEl.isJsonPrimitive() && clientIdEl.getAsJsonPrimitive().isString();
    if (!isStringValue) {
        throw error("client_id in test configuration is not a string");
    }
    // Root-level copy of the client ID for convenient access by later conditions.
    env.putString("client_id", OIDFJSON.getString(clientIdEl));
    logSuccess("Found a static client object", clientConfig);
    return env;
}
Also used : JsonElement(com.google.gson.JsonElement) JsonObject(com.google.gson.JsonObject) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 65 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

Class GetStaticServerConfiguration, method evaluate.

/**
 * Copies the statically configured server ({@code config.server}) into the environment as
 * {@code server}, rejecting configurations that also carry discovery information.
 *
 * @param env environment holding the {@code config} object
 * @return the same environment with {@code server} added
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "server")
public Environment evaluate(Environment env) {
    // Static server configuration and discovery settings are mutually exclusive.
    String configuredDiscoveryUrl = env.getString("config", "server.discoveryUrl");
    String configuredIssuer = env.getString("config", "server.discoveryIssuer");
    boolean hasDiscoveryInfo = !Strings.isNullOrEmpty(configuredDiscoveryUrl) || !Strings.isNullOrEmpty(configuredIssuer);
    if (hasDiscoveryInfo) {
        throw error("Test set to use static server configuration but test configuration contains discovery information", args("discoveryUrl", configuredDiscoveryUrl, "discoveryIssuer", configuredIssuer));
    }
    JsonElement serverElement = env.getElementFromObject("config", "server");
    // The server entry must be present and must be a JSON object.
    if (serverElement == null || !serverElement.isJsonObject()) {
        throw error("Couldn't find server object in configuration");
    }
    env.putObject("server", serverElement.getAsJsonObject());
    logSuccess("Found a static server object", serverElement.getAsJsonObject());
    return env;
}
Also used : JsonElement(com.google.gson.JsonElement) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)
