Search in sources :

Example 21 with OAuth2Request

use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.

the class RestletFormBodyAccessTokenVerifierTest method shouldCheckParameter.

@Test
public void shouldCheckParameter() throws Exception {
    // Given
    Form form = new Form();
    Request request = new Request();
    request.setEntity(form.getWebRepresentation());
    OAuth2Request req = new RestletOAuth2Request(null, request);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isFalse();
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Form(org.restlet.data.Form) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) Test(org.testng.annotations.Test)

Example 22 with OAuth2Request

use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.

the class RestletHeaderAccessTokenVerifierTest method shouldCheckHeader.

@Test
public void shouldCheckHeader() throws Exception {
    // Given
    Request request = new Request();
    OAuth2Request req = new RestletOAuth2Request(null, request);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isFalse();
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpRequest(org.restlet.engine.adapter.HttpRequest) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) Test(org.testng.annotations.Test)

Example 23 with OAuth2Request

use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.

the class RestletHeaderAccessTokenVerifierTest method shouldCheckHttpHeader.

@Test
public void shouldCheckHttpHeader() throws Exception {
    // Given
    ServerCall serverCall = mock(ServerCall.class);
    HttpRequest request = mock(HttpRequest.class);
    OAuth2Request req = new RestletOAuth2Request(null, request);
    when(request.getHttpCall()).thenReturn(serverCall);
    Series<Header> requestHeaders = new Series<Header>(Header.class);
    requestHeaders.add(new Header(HeaderConstants.HEADER_AUTHORIZATION, "Bearer freddy"));
    when(request.getHttpCall().getRequestHeaders()).thenReturn(requestHeaders);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isFalse();
    verify(tokenStore).readAccessToken(req, "freddy");
}
Also used : HttpRequest(org.restlet.engine.adapter.HttpRequest) Series(org.restlet.util.Series) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) Header(org.restlet.data.Header) ServerCall(org.restlet.engine.adapter.ServerCall) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) Test(org.testng.annotations.Test)

Example 24 with OAuth2Request

use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.

the class RestletHeaderAccessTokenVerifierTest method shouldLookupValue.

@Test
public void shouldLookupValue() throws Exception {
    // Given
    ChallengeResponse challengeResponse = new ChallengeResponse(ChallengeScheme.CUSTOM, "foo", "bar");
    challengeResponse.setRawValue("freddy");
    Request request = new Request();
    request.setChallengeResponse(challengeResponse);
    OAuth2Request req = new RestletOAuth2Request(null, request);
    // When
    AccessTokenVerifier.TokenState result = verifier.verify(req);
    // Then
    assertThat(result.isValid()).isFalse();
    verify(tokenStore).readAccessToken(req, "freddy");
}
Also used : OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) HttpRequest(org.restlet.engine.adapter.HttpRequest) Request(org.restlet.Request) OAuth2Request(org.forgerock.oauth2.core.OAuth2Request) ChallengeResponse(org.restlet.data.ChallengeResponse) AccessTokenVerifier(org.forgerock.oauth2.core.AccessTokenVerifier) Test(org.testng.annotations.Test)

Example 25 with OAuth2Request

use of org.forgerock.oauth2.core.OAuth2Request in project OpenAM by OpenRock.

the class OpenAMTokenStore method createDeviceCode.

/**
     * {@inheritDoc}
     */
public DeviceCode createDeviceCode(Set<String> scope, ResourceOwner resourceOwner, String clientId, String nonce, String responseType, String state, String acrValues, String prompt, String uiLocales, String loginHint, Integer maxAge, String claims, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException {
    logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code");
    final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request);
    final String deviceCode = UUID.randomUUID().toString();
    final StringBuilder codeBuilder = new StringBuilder(CODE_LENGTH);
    String userCode = null;
    int i;
    for (i = 0; i < NUM_RETRIES; i++) {
        for (int k = 0; k < CODE_LENGTH; k++) {
            codeBuilder.append(ALPHABET.charAt(secureRandom.nextInt(ALPHABET.length())));
        }
        try {
            readDeviceCode(codeBuilder.toString(), request);
            codeBuilder.delete(0, codeBuilder.length());
        // code can be found - try again
        } catch (InvalidGrantException e) {
            // Good, it doesn't exist yet.
            userCode = codeBuilder.toString();
            break;
        } catch (ServerException e) {
            logger.message("Could not query CTS, assume duplicate to be safe", e);
        }
    }
    if (i == NUM_RETRIES) {
        throw new ServerException("Could not generate a unique user code");
    }
    long expiryTime = System.currentTimeMillis() + (1000 * providerSettings.getDeviceCodeLifetime());
    String resourceOwnerId = resourceOwner == null ? null : resourceOwner.getId();
    final DeviceCode code = new DeviceCode(deviceCode, userCode, resourceOwnerId, clientId, nonce, responseType, state, acrValues, prompt, uiLocales, loginHint, maxAge, claims, expiryTime, scope, realmNormaliser.normalise(request.<String>getParameter(REALM)), codeChallenge, codeChallengeMethod);
    // Store in CTS
    try {
        tokenStore.create(code);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_DEVICE_CODE", code.toString() };
            auditLogger.logAccessMessage("CREATED_DEVICE_CODE", obs, null);
        }
    } catch (CoreTokenException e) {
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "FAILED_CREATE_DEVICE_CODE", code.toString() };
            auditLogger.logErrorMessage("FAILED_CREATE_DEVICE_CODE", obs, null);
        }
        logger.error("Unable to create device code " + code, e);
        throw new ServerException("Could not create token in CTS");
    }
    request.setToken(DeviceCode.class, code);
    return code;
}
Also used : ServerException(org.forgerock.oauth2.core.exceptions.ServerException) DeviceCode(org.forgerock.oauth2.core.DeviceCode) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException) OAuth2ProviderSettings(org.forgerock.oauth2.core.OAuth2ProviderSettings) InvalidGrantException(org.forgerock.oauth2.core.exceptions.InvalidGrantException)

Aggregations

OAuth2Request (org.forgerock.oauth2.core.OAuth2Request)73 Test (org.testng.annotations.Test)45 OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)32 Request (org.restlet.Request)31 AccessToken (org.forgerock.oauth2.core.AccessToken)27 ServerException (org.forgerock.oauth2.core.exceptions.ServerException)27 JsonValue (org.forgerock.json.JsonValue)24 ChallengeResponse (org.restlet.data.ChallengeResponse)17 AccessTokenVerifier (org.forgerock.oauth2.core.AccessTokenVerifier)13 NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException)11 CoreTokenException (org.forgerock.openam.cts.exceptions.CoreTokenException)11 HashMap (java.util.HashMap)10 HashSet (java.util.HashSet)10 InvalidGrantException (org.forgerock.oauth2.core.exceptions.InvalidGrantException)10 UnauthorizedClientException (org.forgerock.oauth2.core.exceptions.UnauthorizedClientException)10 Response (org.restlet.Response)10 ClientRegistration (org.forgerock.oauth2.core.ClientRegistration)9 OAuth2Exception (org.forgerock.oauth2.core.exceptions.OAuth2Exception)9 DeviceCode (org.forgerock.oauth2.core.DeviceCode)8 InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException)8