use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
Class EncryptUserInfoResponse, method evaluate.
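/**
 * Encrypts the userinfo response with the client's configured JWE algorithm and
 * encryption method and stores the result as {@code encrypted_user_info_endpoint_response}.
 *
 * Besides {@code client}, this requires either {@code signed_user_info_endpoint_response}
 * or {@code user_info_endpoint_response} to be present; the signed form is used when both
 * exist, otherwise the unsigned JSON object is serialised and encrypted as-is.
 *
 * @param env environment holding the client configuration and the userinfo payload
 * @return the same environment with {@code encrypted_user_info_endpoint_response} set
 */
@Override
@PreEnvironment(required = "client")
@PostEnvironment(strings = "encrypted_user_info_endpoint_response")
public Environment evaluate(Environment env) {
	// Prefer the signed (compact JWS) form; fall back to the plain JSON claims.
	String userinfoResponse = env.getString("signed_user_info_endpoint_response");
	if (userinfoResponse == null) {
		JsonObject unsignedUserinfo = env.getObject("user_info_endpoint_response");
		if (unsignedUserinfo == null) {
			// Neither form is present: report a condition failure rather than
			// dereferencing null on the next line.
			throw error("Neither signed_user_info_endpoint_response nor user_info_endpoint_response is present in the environment");
		}
		userinfoResponse = unsignedUserinfo.toString();
	}

	String alg = env.getString("client", "userinfo_encrypted_response_alg");
	String enc = env.getString("client", "userinfo_encrypted_response_enc");
	String clientSecret = env.getString("client", "client_secret");

	// client jwks may be null (e.g. symmetric encryption derived from client_secret)
	JsonElement clientJwksElement = env.getElementFromObject("client", "jwks");
	JsonObject clientJwks = null;
	if (clientJwksElement != null) {
		clientJwks = clientJwksElement.getAsJsonObject();
	}

	// encrypt() resolves the key (client_secret or jwks) from alg/enc and reports
	// missing values against the named client configuration keys.
	String encryptedResponse = encrypt("client", userinfoResponse, clientSecret, clientJwks, alg, enc, "userinfo_encrypted_response_alg", "userinfo_encrypted_response_enc");

	logSuccess("Encrypted userinfo response", args("userinfo", encryptedResponse, "userinfo_encrypted_response_alg", alg, "userinfo_encrypted_response_enc", enc));

	env.putString("encrypted_user_info_endpoint_response", encryptedResponse);
	return env;
}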
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
Class OIDCCGenerateServerJWKs, method evaluate.
/**
 * Generates the server's JWK sets and publishes them to the environment: the public
 * set of every generated key ({@code server_public_jwks}), the private signing keys
 * ({@code server_jwks}) and the private encryption keys ({@code server_encryption_keys}).
 *
 * The number and kind of keys come from the fields populated by {@code setupParameters()}.
 *
 * @param env environment to receive the three JWK set objects
 * @return the same environment
 */
@Override
@PostEnvironment(required = { "server_public_jwks", "server_jwks", "server_encryption_keys" })
public Environment evaluate(Environment env) {
	allGeneratedKeys = new LinkedList<>();
	signingKeyToBeUsed = new LinkedList<>();
	encryptionKeysToBeUsed = new LinkedList<>();

	setupParameters();

	try {
		// The order of these createKeys calls is significant: the signing key that ends up
		// being used depends on it (see JWKUtil.selectAsymmetricJWSKey). Do not reorder.
		createKeys(numberOfRSASigningKeysWithNoAlg, KeyType.RSA, KeyUse.SIGNATURE, null, null);
		createKeys(numberOfECCurveP256SigningKeysWithNoAlg, KeyType.EC, KeyUse.SIGNATURE, null, esCurve);
		createKeys(numberOfECCurveSECP256KSigningKeysWithNoAlg, KeyType.EC, KeyUse.SIGNATURE, null, esKCurve);
		createKeys(numberOfOKPSigningKeysWithNoAlg, KeyType.OKP, KeyUse.SIGNATURE, null, null);
		createKeys(numberOfRSSigningKeys, KeyType.RSA, KeyUse.SIGNATURE, rsSigningAlgorithm, null);
		createKeys(numberOfES256SigningKeys, KeyType.EC, KeyUse.SIGNATURE, esSigningAlgorithm, esCurve);
		createKeys(numberOfPSSigningKeys, KeyType.RSA, KeyUse.SIGNATURE, psSigningAlgorithm, null);
		createKeys(numberOfEdSigningKeys, KeyType.OKP, KeyUse.SIGNATURE, JWSAlgorithm.EdDSA, null);
		createKeys(numberOfRSAEncKeys, KeyType.RSA, KeyUse.ENCRYPTION, encryptionAlgorithmForRSAKeys, null);
		createKeys(numberOfECEncKeys, KeyType.EC, KeyUse.ENCRYPTION, encryptionAlgorithmForECKeys, esCurve);

		// Public view of everything; private views of the signing and encryption subsets.
		JsonObject publicJwks = JWKUtil.getPublicJwksAsJsonObject(new JWKSet(allGeneratedKeys));
		JsonObject signingJwks = JWKUtil.getPrivateJwksAsJsonObject(new JWKSet(signingKeyToBeUsed));
		JsonObject encryptionJwks = JWKUtil.getPrivateJwksAsJsonObject(new JWKSet(encryptionKeysToBeUsed));

		env.putObject("server_public_jwks", publicJwks);
		env.putObject("server_jwks", signingJwks);
		env.putObject("server_encryption_keys", encryptionJwks);

		log("Generated server public private JWK sets", args("server_public_jwks", publicJwks, "server_jwks", signingJwks, "server_encryption_keys", encryptionJwks));

		return env;
	} catch (JOSEException e) {
		throw error("Failed to generate server JWK Set", e);
	}
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
Class FAPIBrazilSetGrantTypesSupportedInServerConfiguration, method evaluate.
/**
 * Replaces {@code grant_types_supported} in the server configuration with the fixed list
 * {@code authorization_code}, {@code implicit}, {@code client_credentials},
 * {@code refresh_token} (in that order). Any existing value is overwritten.
 *
 * @param env environment holding the {@code server} configuration object
 * @return the same environment with the updated {@code server} object
 */
@Override
@PreEnvironment(required = { "server" })
@PostEnvironment(required = { "server" })
public Environment evaluate(Environment env) {
	String[] supportedGrantTypes = {
		"authorization_code",
		"implicit",
		"client_credentials",
		"refresh_token"
	};

	JsonArray grantTypesSupported = new JsonArray();
	for (String grantType : supportedGrantTypes) {
		grantTypesSupported.add(grantType);
	}

	JsonObject serverConfig = env.getObject("server");
	// JsonObject.add replaces an existing member of the same name
	serverConfig.add("grant_types_supported", grantTypesSupported);

	log("Successfully set grant_types_supported", args("server", serverConfig));

	return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
Class ExtractClientCertificateFromTokenEndpointRequestHeaders, method evaluate.
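/**
 * Extracts the client's mTLS certificate from the token endpoint request headers and
 * stores a parsed summary of it as {@code client_certificate}.
 *
 * The certificate arrives PEM-encoded in the {@code x-ssl-cert} header; the comment on the
 * {@code "(null)"} check points at an Apache-style
 * {@code RequestHeader set X-Ssl-Cert "%{SSL_CLIENT_CERT}s"} directive, so the header is
 * presumably injected by a TLS-terminating front end. NOTE(review): the header value is
 * trusted as-is here; confirm the deployment does not let a caller set it directly.
 *
 * @param env environment containing {@code token_endpoint_request}
 * @return the same environment with {@code client_certificate} populated: {@code cert} (raw
 *         header value), {@code pem} (re-wrapped PEM), {@code subject.dn} and the SAN arrays
 *         {@code sanDnsNames}, {@code sanUris}, {@code sanIPs}, {@code sanEmails}
 */
@Override
@PreEnvironment(required = "token_endpoint_request")
@PostEnvironment(required = "client_certificate")
public Environment evaluate(Environment env) {
	// Remove any certificate from a previous connection
	env.removeObject("client_certificate");

	String certStr = env.getString("token_endpoint_request", "headers.x-ssl-cert");
	if (certStr == null) {
		throw error("Client certificate not found; likely the non-mtls version of the endpoint was called");
	}
	if (certStr.equals("(null)")) {
		// "RequestHeader set X-Ssl-Cert "%{SSL_CLIENT_CERT}s"
		throw error("Client certificate not found; the client did not supply a MTLS certification to the endpoint. In some cases this may be because the client is, incorrectly, configured to supply a TLS certificate only if the server explicitly requires a certificate at the TLS level.");
	}

	try {
		// pre-process the cert string for the PEM parser: the header carries the PEM
		// on one line, so turn whitespace runs back into line breaks, except the space
		// inside "BEGIN CERTIFICATE-----" / "END CERTIFICATE-----".
		String certPem = certStr.replaceAll("\\s+(?!CERTIFICATE-----)", "\n");

		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		// Fix the charset explicitly instead of relying on the platform default.
		X509Certificate cert = (X509Certificate) cf.generateCertificate(
			new ByteArrayInputStream(certPem.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

		JsonObject certInfo = new JsonObject();
		certInfo.addProperty("cert", certStr);
		certInfo.addProperty("pem", certPem);

		JsonObject subjectInfo = new JsonObject();
		X500Principal subject = cert.getSubjectX500Principal();
		subjectInfo.addProperty("dn", subject.getName());
		certInfo.add("subject", subjectInfo);

		addSubjectAlternativeNames(cert, certInfo);

		env.putObject("client_certificate", certInfo);

		logSuccess("Extracted client certificate", args("client_certificate", certInfo));

		return env;
	} catch (CertificateException e) {
		throw error("Error parsing certificate", e, args("cert", certStr));
	}
}

/**
 * Adds the certificate's subject alternative names to {@code certInfo} as four arrays
 * ({@code sanDnsNames}, {@code sanUris}, {@code sanIPs}, {@code sanEmails}). All four are
 * added, possibly empty, even when the certificate carries no SAN extension.
 *
 * @param cert     parsed client certificate
 * @param certInfo object receiving the four arrays
 * @throws CertificateException if the SAN extension cannot be parsed
 */
private static void addSubjectAlternativeNames(X509Certificate cert, JsonObject certInfo) throws CertificateException {
	JsonArray sanDnsNames = new JsonArray();
	JsonArray sanUris = new JsonArray();
	JsonArray sanIPs = new JsonArray();
	JsonArray sanEmails = new JsonArray();

	// Each entry is a two-element list: [GeneralName type (Integer), value].
	Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
	if (altNames != null) {
		for (List<?> altName : altNames) {
			if (altName.size() < 2) {
				continue;
			}
			String sanValue = String.valueOf(altName.get(1));
			switch ((Integer) altName.get(0)) {
				case GeneralName.dNSName:
					sanDnsNames.add(sanValue);
					break;
				case GeneralName.iPAddress:
					sanIPs.add(sanValue);
					break;
				case GeneralName.uniformResourceIdentifier:
					sanUris.add(sanValue);
					break;
				case GeneralName.rfc822Name:
					sanEmails.add(sanValue);
					break;
				default:
					// other GeneralName types (otherName, directoryName, ...) are not recorded
					break;
			}
		}
	}

	certInfo.add("sanDnsNames", sanDnsNames);
	certInfo.add("sanUris", sanUris);
	certInfo.add("sanIPs", sanIPs);
	certInfo.add("sanEmails", sanEmails);
}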
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
Class AddInvalidAudValueToIdToken, method evaluate.
/**
 * Makes the ID token's {@code aud} claim invalid by appending the character {@code 1}
 * to its current string value, then writes the claims back to the environment.
 *
 * @param env environment holding {@code id_token_claims}
 * @return the same environment with the modified {@code id_token_claims}
 */
@Override
@PreEnvironment(required = "id_token_claims")
@PostEnvironment(required = "id_token_claims")
public Environment evaluate(Environment env) {
	JsonObject idTokenClaims = env.getObject("id_token_claims");
	String originalAud = env.getString("id_token_claims", "aud");

	// Append "1" so the value no longer equals the original audience
	String invalidAud = originalAud + "1";
	idTokenClaims.addProperty("aud", invalidAud);

	env.putObject("id_token_claims", idTokenClaims);

	logSuccess("Added invalid aud to ID token claims", args("id_token_claims", idTokenClaims, "aud", invalidAud));

	return env;
}