use of org.forgerock.openam.sts.tokengeneration.oidc.crypto.OpenIdConnectTokenPKIProviderImpl in project OpenAM by OpenRock.
the class OpenIdConnectTokenGenerationImplTest method testRSAOpenIdConnectTokenGeneration.
@Test
public void testRSAOpenIdConnectTokenGeneration() throws TokenCreationException {
SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
SSOToken mockSSOToken = mock(SSOToken.class);
STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
OpenIdConnectTokenConfig openIdConnectTokenConfig = buildRSAOpenIdConnectTokenConfig();
when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
OpenIdConnectTokenPKIProviderImpl tokenCryptoProvider = new OpenIdConnectTokenPKIProviderImpl(openIdConnectTokenConfig);
when(mockSTSInstanceState.getOpenIdConnectTokenPKIProvider()).thenReturn(tokenCryptoProvider);
TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
long authTime = System.currentTimeMillis() / 1000;
OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(), mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class)).generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
assertEquals(ISSUER, jwtClaimsSet.getIssuer());
assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
assertTrue(verifyRSASignature(signedJwt, openIdConnectTokenConfig));
}
Aggregations