use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class GenerateMTLSCertificateFromJWKs method evaluate.
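/**
 * Builds a self-signed X.509 certificate from the first key in {@code client_jwks} and stores it,
 * together with the matching private key, in the environment as {@code mutual_tls_authentication}.
 *
 * <p>The certificate uses {@code cn=<client_name>} as both subject and issuer, is valid for one
 * year starting at generation time, and is signed with the private half of the same key pair.
 *
 * @param env test environment; must contain the {@code client_jwks} object and the
 *            {@code client_name} string
 * @return the same environment, with {@code mutual_tls_authentication} holding the base64 of the
 *         encoded certificate ({@code cert}) and of the encoded private key ({@code key})
 */
@Override
@PreEnvironment(required = "client_jwks", strings = "client_name")
@PostEnvironment(required = "mutual_tls_authentication")
public Environment evaluate(Environment env) {
    JWKSet jwks;
    try {
        jwks = JWKSet.parse(env.getObject("client_jwks").toString());
    } catch (ParseException e) {
        throw error("Failed to parse JWKs", e);
    }

    // A well-formed but empty key set would otherwise escape as a bare IndexOutOfBoundsException
    // instead of a reported condition failure.
    if (jwks.getKeys().isEmpty()) {
        throw error("client_jwks does not contain any keys");
    }

    // Only the first key is used; any further keys in the set are ignored.
    JWK jwk = jwks.getKeys().get(0);
    KeyPair keyPair = toKeyPair(jwk);

    String clientName = env.getString("client_name");

    // Validity window: from now until exactly one calendar year later.
    long now = System.currentTimeMillis();
    Date notBefore = new Date(now);
    Calendar calendar = Calendar.getInstance();
    calendar.setTime(notBefore);
    calendar.add(Calendar.YEAR, 1);
    Date notAfter = calendar.getTime();

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    // The serial number is the current time in milliseconds, so it is predictable rather than random.
    certGen.setSerialNumber(BigInteger.valueOf(now));
    // NOTE(review): client_name is concatenated into the DN string unescaped. A name containing
    // DN metacharacters (',', '+', '=') would alter the parsed subject or be rejected by
    // X500Principal - confirm that callers constrain this value.
    certGen.setSubjectDN(new X500Principal("cn=" + clientName));
    certGen.setIssuerDN(new X500Principal("cn=" + clientName));
    certGen.setNotBefore(notBefore);
    certGen.setNotAfter(notAfter);
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm(getSigningAlgorithm(jwk));
    // NOTE(review): the critical BasicConstraints extension is created with cA=true, which marks
    // this client certificate as a CA certificate - confirm that this is intended.
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));

    X509Certificate cert;
    try {
        // Self-signed: the certificate is signed with the private key matching its own public key.
        cert = certGen.generate(keyPair.getPrivate(), "BC");
    } catch (CertificateEncodingException | InvalidKeyException | IllegalStateException | NoSuchProviderException | NoSuchAlgorithmException | SignatureException e) {
        throw error("Failed to generate certificate", e);
    }

    JsonObject mtls = new JsonObject();
    try {
        mtls.addProperty("cert", Base64.getEncoder().encodeToString(cert.getEncoded()));
    } catch (CertificateEncodingException e) {
        throw error("Error encoding certificate", e);
    }
    mtls.addProperty("key", Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded()));

    env.putObject("mutual_tls_authentication", mtls);

    // NOTE(review): the logged object includes the base64 private key ("key"), so anyone who can
    // read this log entry can read the key - confirm the log audience, or log only "cert".
    logSuccess("Generated client MTLS certificate", args("mutual_tls_authentication", mtls));

    return env;
}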
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class GetDynamicServerConfiguration method evaluate.
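/**
 * Fetches the server's OpenID discovery document and stores it in the environment.
 *
 * <p>The URL is {@code config.server.discoveryUrl} when set, otherwise
 * {@code config.server.discoveryIssuer} with {@code /.well-known/openid-configuration} appended.
 * The condition fails if the configuration also carries a static {@code server.issuer}.
 *
 * @param env test environment; must contain the {@code config} object
 * @return the same environment, with {@code discovery_endpoint_response} holding the converted HTTP
 *         response and {@code server} holding the parsed discovery document
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = { "server", "discovery_endpoint_response" })
public Environment evaluate(Environment env) {
    if (!env.containsObject("config")) {
        throw error("Couldn't find a configuration");
    }

    // Dynamic and static server configuration are mutually exclusive.
    String staticIssuer = env.getString("config", "server.issuer");
    if (!Strings.isNullOrEmpty(staticIssuer)) {
        throw error("Test set to use dynamic server configuration but test configuration contains static server configuration", args("issuer", staticIssuer));
    }

    String discoveryUrl = env.getString("config", "server.discoveryUrl");
    if (Strings.isNullOrEmpty(discoveryUrl)) {
        String iss = env.getString("config", "server.discoveryIssuer");
        // Check the issuer before building the URL from it, so the URL is never built from null.
        if (Strings.isNullOrEmpty(iss)) {
            throw error("Couldn't find discoveryUrl or discoveryIssuer field for discovery purposes");
        }
        discoveryUrl = iss + "/.well-known/openid-configuration";
    }
    // From here on discoveryUrl is always non-empty, so no further emptiness check is needed.

    // NOTE(review): discoveryUrl comes from the test configuration and is requested as-is. This
    // method applies no scheme or host restriction of its own - confirm whether
    // createRestTemplate or the deployment limits which destinations can be reached.
    String jsonString;
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        ResponseEntity<String> response = restTemplate.exchange(discoveryUrl, HttpMethod.GET, null, String.class);
        JsonObject responseInfo = convertResponseForEnvironment("discovery", response);
        env.putObject("discovery_endpoint_response", responseInfo);
        jsonString = response.getBody();
    } catch (UnrecoverableKeyException | KeyManagementException | CertificateException | InvalidKeySpecException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
        throw error("Error creating HTTP client", e);
    } catch (RestClientException e) {
        String msg = "Unable to fetch server configuration from " + discoveryUrl;
        if (e.getCause() != null) {
            msg += " - " + e.getCause().getMessage();
        }
        throw error(msg, e);
    }

    if (Strings.isNullOrEmpty(jsonString)) {
        throw error("empty server configuration");
    }

    // The body is controlled by the remote server. Valid JSON that is not an object (an array, a
    // string, null) makes getAsJsonObject() throw IllegalStateException rather than
    // JsonSyntaxException, so both are reported as a condition failure.
    JsonObject serverConfig;
    try {
        serverConfig = JsonParser.parseString(jsonString).getAsJsonObject();
    } catch (JsonSyntaxException | IllegalStateException e) {
        throw error(e, args("json", jsonString));
    }

    logSuccess("Successfully parsed server configuration", serverConfig);
    env.putObject("server", serverConfig);
    return env;
}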
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class GetStaticClient2Configuration method evaluate.
/**
 * Copies the statically configured second client from {@code config.client2} into the
 * environment under {@code client2}.
 *
 * @param env test environment; must contain the {@code config} object
 * @return the same environment, with {@code client2} set
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "client2")
public Environment evaluate(Environment env) {
    if (!env.containsObject("config")) {
        throw error("Couldn't find a configuration");
    }

    // The entry must exist and be a JSON object; anything else counts as "not configured".
    JsonElement secondClient = env.getElementFromObject("config", "client2");
    boolean isClientObject = secondClient != null && secondClient.isJsonObject();
    if (!isClientObject) {
        throw error("Definition for client2 not present in supplied configuration");
    }

    // Publish the client at the top level of the environment.
    env.putObject("client2", secondClient.getAsJsonObject());

    // NOTE(review): the whole client object is logged; presumably it can carry credentials from
    // the test configuration - confirm who can read these logs.
    logSuccess("Found a static second client object", secondClient.getAsJsonObject());

    return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class GetStaticClientConfiguration method evaluate.
/**
 * Copies the statically configured client from {@code config.client} into the environment under
 * {@code client} and exposes its {@code client_id} as a top-level string.
 *
 * @param env test environment; must contain the {@code config} object
 * @return the same environment, with {@code client} and {@code client_id} set
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "client", strings = "client_id")
public Environment evaluate(Environment env) {
    JsonElement configuredClient = env.getElementFromObject("config", "client");
    boolean isClientObject = configuredClient != null && configuredClient.isJsonObject();
    if (!isClientObject) {
        throw error("As static client was selected, the test configuration must contain a client configuration");
    }

    JsonObject client = configuredClient.getAsJsonObject();

    // The client is stored before client_id is validated, so if a check below fails the
    // environment already holds "client".
    env.putObject("client", client);

    JsonElement idElement = client.get("client_id");
    if (idElement == null) {
        throw error("As static client was selected, the test configuration must contain a client_id");
    }

    // Only a JSON string is accepted; numbers, booleans, null, arrays and objects are rejected.
    boolean isStringId = idElement.isJsonPrimitive() && idElement.getAsJsonPrimitive().isString();
    if (!isStringId) {
        throw error("client_id in test configuration is not a string");
    }

    // Keep the client ID at the root of the environment for easy access.
    env.putString("client_id", OIDFJSON.getString(idElement));

    // NOTE(review): the whole client object is logged; presumably it can carry credentials from
    // the test configuration - confirm who can read these logs.
    logSuccess("Found a static client object", client);

    return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class GetStaticServerConfiguration method evaluate.
/**
 * Copies the statically configured server from {@code config.server} into the environment under
 * {@code server}, after checking that no discovery settings are present.
 *
 * @param env test environment; must contain the {@code config} object
 * @return the same environment, with {@code server} set
 */
@Override
@PreEnvironment(required = "config")
@PostEnvironment(required = "server")
public Environment evaluate(Environment env) {
    String discoveryUrl = env.getString("config", "server.discoveryUrl");
    String discoveryIssuer = env.getString("config", "server.discoveryIssuer");

    // Static configuration and discovery are mutually exclusive: either discovery field being
    // set is a configuration error.
    boolean noDiscoveryInfo = Strings.isNullOrEmpty(discoveryUrl) && Strings.isNullOrEmpty(discoveryIssuer);
    if (!noDiscoveryInfo) {
        throw error("Test set to use static server configuration but test configuration contains discovery information", args("discoveryUrl", discoveryUrl, "discoveryIssuer", discoveryIssuer));
    }

    // The server entry must exist and be a JSON object.
    JsonElement configuredServer = env.getElementFromObject("config", "server");
    boolean isServerObject = configuredServer != null && configuredServer.isJsonObject();
    if (!isServerObject) {
        throw error("Couldn't find server object in configuration");
    }

    // Publish the server at the top level of the environment.
    env.putObject("server", configuredServer.getAsJsonObject());
    logSuccess("Found a static server object", configuredServer.getAsJsonObject());

    return env;
}