Search in sources :

Example 31 with JwkClient

use of org.gluu.oxauth.client.JwkClient in project oxAuth by GluuFederation.

the class AddressClaimsTest method authorizationRequestAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA_OAEP_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA_OAEP);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256GCM);
    registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 4. Validate id_token
    PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 5. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setPrivateKey(privateKey);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList(JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_COUNTRY, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION)));
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) PrivateKey(java.security.PrivateKey) UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest) UserInfoClient(org.gluu.oxauth.client.UserInfoClient) ResponseType(org.gluu.oxauth.model.common.ResponseType) JwkClient(org.gluu.oxauth.client.JwkClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) JSONObject(org.json.JSONObject) RegisterClient(org.gluu.oxauth.client.RegisterClient) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) Jwe(org.gluu.oxauth.model.jwe.Jwe) UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) Claim(org.gluu.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 32 with JwkClient

use of org.gluu.oxauth.client.JwkClient in project oxAuth by GluuFederation.

the class AddressClaimsTest method authorizationRequestAlgRSA15EncA256CBCPLUSHS512.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA1_5_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgRSA15EncA256CBCPLUSHS512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 4. Validate id_token
    PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 5. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setPrivateKey(privateKey);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList(JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_COUNTRY, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION)));
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) PrivateKey(java.security.PrivateKey) UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest) UserInfoClient(org.gluu.oxauth.client.UserInfoClient) ResponseType(org.gluu.oxauth.model.common.ResponseType) JwkClient(org.gluu.oxauth.client.JwkClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) JSONObject(org.json.JSONObject) RegisterClient(org.gluu.oxauth.client.RegisterClient) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) Jwe(org.gluu.oxauth.model.jwe.Jwe) UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) Claim(org.gluu.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Aggregations

JwkClient (org.gluu.oxauth.client.JwkClient)32 JwkResponse (org.gluu.oxauth.client.JwkResponse)32 Parameters (org.testng.annotations.Parameters)31 BaseTest (org.gluu.oxauth.BaseTest)30 Test (org.testng.annotations.Test)30 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)28 RegisterClient (org.gluu.oxauth.client.RegisterClient)24 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)24 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)24 AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)22 AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)22 ResponseType (org.gluu.oxauth.model.common.ResponseType)22 AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)15 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)12 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)12 Claim (org.gluu.oxauth.client.model.authorize.Claim)12 JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)12 JSONObject (org.json.JSONObject)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 NoSuchProviderException (java.security.NoSuchProviderException)9