Search in sources :

Example 11 with JwkResponse

use of org.gluu.oxauth.client.JwkResponse in project oxAuth by GluuFederation.

the class TokenSignaturesHttpTest method testES384.

@Parameters({ "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testES384(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) {
    try {
        showTitle("Test ES384");
        JwkClient jwkClient = new JwkClient(clientJwksUri);
        JwkResponse jwkResponse = jwkClient.exec();
        String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES384);
        System.out.println("Encoded Signature: " + encodedSignature);
        boolean signatureVerified = cryptoProvider.verifySignature(signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES384);
        assertTrue(signatureVerified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
Also used : OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) JwkResponse(org.gluu.oxauth.client.JwkResponse) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchProviderException(java.security.NoSuchProviderException) JwkClient(org.gluu.oxauth.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 12 with JwkResponse

use of org.gluu.oxauth.client.JwkResponse in project oxAuth by GluuFederation.

the class TokenSignaturesHttpTest method requestAuthorizationIdTokenPRS384.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationIdTokenPRS384(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestAuthorizationIdTokenPS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setContacts(Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS384);
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Request Authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);
    authorizationRequest.getPrompts().add(Prompt.NONE);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    String keyId = jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.PS384);
    assertTrue(validJwt);
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) Jwt(org.gluu.oxauth.model.jwt.Jwt) ResponseType(org.gluu.oxauth.model.common.ResponseType) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) JwkClient(org.gluu.oxauth.client.JwkClient) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 13 with JwkResponse

use of org.gluu.oxauth.client.JwkResponse in project oxAuth by GluuFederation.

the class TokenSignaturesHttpTest method requestAuthorizationIdTokenES384.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationIdTokenES384(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestAuthorizationIdTokenES384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setContacts(Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.ES384);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Request Authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    String keyId = jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES384);
    assertTrue(validJwt);
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) Jwt(org.gluu.oxauth.model.jwt.Jwt) ResponseType(org.gluu.oxauth.model.common.ResponseType) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) JwkClient(org.gluu.oxauth.client.JwkClient) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 14 with JwkResponse

use of org.gluu.oxauth.client.JwkResponse in project oxAuth by GluuFederation.

the class AddressClaimsTest method authorizationRequestAlgRSA15EncA128CBCPLUSHS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "dnName", "keyStoreFile", "keyStoreSecret", "RSA1_5_keyId", "clientJwksUri", "sectorIdentifierUri" })
@Test
public void authorizationRequestAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String clientKeyId, final String clientJwksUri, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestAlgRSA15EncA128CBCPLUSHS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    registerRequest.setRequestObjectEncryptionAlg(KeyEncryptionAlgorithm.RSA1_5);
    registerRequest.setRequestObjectEncryptionEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    registerRequest.addCustomAttribute("oxIncludeClaimsInIdToken", "true");
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "address");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createEssential(true)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 4. Validate id_token
    PrivateKey privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    Jwe jwe = Jwe.parse(idToken, privateKey, null);
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaim(JwtClaimName.ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(jwe.getClaims().getClaimAsJSON(JwtClaimName.ADDRESS).has(JwtClaimName.ADDRESS_REGION));
    // 5. Request user info
    UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    userInfoClient.setRequest(userInfoRequest);
    userInfoClient.setPrivateKey(privateKey);
    UserInfoResponse userInfoResponse = userInfoClient.exec();
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ISSUER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.AUDIENCE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList(JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_COUNTRY, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION)));
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest) PrivateKey(java.security.PrivateKey) UserInfoRequest(org.gluu.oxauth.client.UserInfoRequest) UserInfoClient(org.gluu.oxauth.client.UserInfoClient) ResponseType(org.gluu.oxauth.model.common.ResponseType) JwkClient(org.gluu.oxauth.client.JwkClient) AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse) OxAuthCryptoProvider(org.gluu.oxauth.model.crypto.OxAuthCryptoProvider) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) JSONObject(org.json.JSONObject) RegisterClient(org.gluu.oxauth.client.RegisterClient) JwtAuthorizationRequest(org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest) Jwe(org.gluu.oxauth.model.jwe.Jwe) UserInfoResponse(org.gluu.oxauth.client.UserInfoResponse) AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient) Claim(org.gluu.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) BaseTest(org.gluu.oxauth.BaseTest) Test(org.testng.annotations.Test)

Example 15 with JwkResponse

use of org.gluu.oxauth.client.JwkResponse in project oxAuth by GluuFederation.

the class RegistrationTest method backchannelTokenDeliveryModePoll5.

@Parameters({ "clientJwksUri" })
public void backchannelTokenDeliveryModePoll5(final String clientJwksUri) {
    showTitle("backchannelTokenDeliveryModePoll5");
    // 1. Dynamic Client Registration
    JwkClient jwkClient = new JwkClient(clientJwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", null);
    registerRequest.setJwks(jwkResponse.getJwks().toString());
    registerRequest.setGrantTypes(Arrays.asList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
    registerRequest.setBackchannelUserCodeParameter(false);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    assertNotNull(registerResponse.getClaims().get(APPLICATION_TYPE.toString()));
    assertNotNull(registerResponse.getClaims().get(SUBJECT_TYPE.toString()));
    assertNotNull(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertNotNull(registerResponse.getClaims().get(JWKS.toString()));
    assertNotNull(registerResponse.getClaims().get(CLIENT_NAME.toString()));
    assertNotNull(registerResponse.getClaims().get(SCOPE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(registerResponse.getClaims().containsKey(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertTrue(registerResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.POLL.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.PS256.getValue());
    assertEquals(registerResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(false).toString());
    assertEquals(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client Read
    RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
    clientReadClient.setRequest(clientReadRequest);
    RegisterResponse clientReadResponse = clientReadClient.exec();
    showClient(clientReadClient);
    assertEquals(clientReadResponse.getStatus(), 200, "Unexpected response code: " + clientReadResponse.getEntity());
    assertNotNull(clientReadResponse.getClientId());
    assertNotNull(clientReadResponse.getClientSecret());
    assertNotNull(clientReadResponse.getRegistrationAccessToken());
    assertNotNull(clientReadResponse.getRegistrationClientUri());
    assertNotNull(clientReadResponse.getClientSecretExpiresAt());
    assertNotNull(clientReadResponse.getClaims().get(APPLICATION_TYPE.toString()));
    assertNotNull(clientReadResponse.getClaims().get(SUBJECT_TYPE.toString()));
    assertNotNull(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertNotNull(clientReadResponse.getClaims().get(JWKS.toString()));
    assertNotNull(clientReadResponse.getClaims().get(CLIENT_NAME.toString()));
    assertNotNull(clientReadResponse.getClaims().get(SCOPE.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(BACKCHANNEL_USER_CODE_PARAMETER.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertTrue(clientReadResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()), BackchannelTokenDeliveryMode.POLL.getValue());
    assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()), AsymmetricSignatureAlgorithm.PS256.getValue());
    assertEquals(clientReadResponse.getClaims().get(BACKCHANNEL_USER_CODE_PARAMETER.toString()), new Boolean(false).toString());
    assertEquals(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
}
Also used : RegisterRequest(org.gluu.oxauth.client.RegisterRequest) RegisterResponse(org.gluu.oxauth.client.RegisterResponse) JwkResponse(org.gluu.oxauth.client.JwkResponse) RegisterClient(org.gluu.oxauth.client.RegisterClient) JwkClient(org.gluu.oxauth.client.JwkClient) Parameters(org.testng.annotations.Parameters)

Aggregations

JwkClient (org.gluu.oxauth.client.JwkClient)32 JwkResponse (org.gluu.oxauth.client.JwkResponse)32 Parameters (org.testng.annotations.Parameters)31 BaseTest (org.gluu.oxauth.BaseTest)30 Test (org.testng.annotations.Test)30 OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)28 RegisterClient (org.gluu.oxauth.client.RegisterClient)24 RegisterRequest (org.gluu.oxauth.client.RegisterRequest)24 RegisterResponse (org.gluu.oxauth.client.RegisterResponse)24 AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)22 AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)22 ResponseType (org.gluu.oxauth.model.common.ResponseType)22 AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)15 UserInfoClient (org.gluu.oxauth.client.UserInfoClient)12 UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)12 Claim (org.gluu.oxauth.client.model.authorize.Claim)12 JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)12 JSONObject (org.json.JSONObject)12 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)9 NoSuchProviderException (java.security.NoSuchProviderException)9