use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA128CBCPLUSHS256.
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    // End-to-end check of an encrypted id_token: register a client asking for
    // RSA1_5 / A128CBC+HS256, obtain tokens with the password grant, then decrypt
    // the id_token with the private key stored under keyId in the test key store.
    try {
        showTitle("requestIdTokenAlgRSA15EncA128CBCPLUSHS256");

        // 1. Dynamic client registration.
        RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registration.setJwksUri(jwksUri);
        // NOTE(review): RSA1_5 (RSAES-PKCS1-v1_5) key wrapping is discouraged in JOSE because
        // PKCS#1 v1.5 decryption is exposed to padding-oracle attacks; RSA-OAEP is the usual
        // replacement. This legacy path is what the (deprecated, disabled) test exercises.
        registration.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
        registration.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
        registration.addCustomAttribute("oxAuthTrustedClient", "true");
        registration.setSectorIdentifierUri(sectorIdentifierUri);
        registration.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));

        RegisterClient registrar = new RegisterClient(registrationEndpoint);
        registrar.setRequest(registration);
        RegisterResponse registered = registrar.exec();
        showClient(registrar);

        assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
        assertNotNull(registered.getClientId());
        assertNotNull(registered.getClientSecret());
        assertNotNull(registered.getRegistrationAccessToken());
        assertNotNull(registered.getClientSecretExpiresAt());

        String clientId = registered.getClientId();
        String clientSecret = registered.getClientSecret();

        // 2. Resource-owner password grant, authenticated as the freshly registered client.
        TokenRequest passwordGrant = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        passwordGrant.setUsername(userId);
        passwordGrant.setPassword(userSecret);
        passwordGrant.setScope("openid");
        passwordGrant.setAuthUsername(clientId);
        passwordGrant.setAuthPassword(clientSecret);

        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(passwordGrant);
        TokenResponse tokens = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokens.getStatus(), 200, "Unexpected response code: " + tokens.getStatus());
        assertNotNull(tokens.getEntity(), "The entity is null");
        assertNotNull(tokens.getAccessToken(), "The access token is null");
        assertNotNull(tokens.getTokenType(), "The token type is null");
        assertNotNull(tokens.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokens.getScope(), "The scope is null");
        assertNotNull(tokens.getIdToken(), "The id token is null");

        String idToken = tokens.getIdToken();

        // 3. Decrypt the id_token with the private key matching keyId.
        OxAuthCryptoProvider keyStore = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        PrivateKey decryptionKey = keyStore.getPrivateKey(keyId);
        Jwe decrypted = Jwe.parse(idToken, decryptionKey, null);

        // Only presence of the header fields is asserted; they are not compared with the
        // registered alg/enc, so a successful decrypt is what really pins the algorithm here.
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenEncryptionHttpTest method requestIdTokenAlgA128KWEncA128GCM.
@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
    // End-to-end check of a symmetrically encrypted id_token: register a client asking for
    // A128KW / A128GCM, obtain tokens with the password grant, then unwrap the id_token with
    // a key derived from the client secret.
    try {
        showTitle("requestIdTokenAlgA128KWEncA128GCM");

        // 1. Dynamic client registration.
        RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registration.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
        registration.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
        registration.addCustomAttribute("oxAuthTrustedClient", "true");
        registration.setSectorIdentifierUri(sectorIdentifierUri);
        registration.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));

        RegisterClient registrar = new RegisterClient(registrationEndpoint);
        registrar.setRequest(registration);
        RegisterResponse registered = registrar.exec();
        showClient(registrar);

        assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
        assertNotNull(registered.getClientId());
        assertNotNull(registered.getClientSecret());
        assertNotNull(registered.getRegistrationAccessToken());
        assertNotNull(registered.getClientSecretExpiresAt());

        String clientId = registered.getClientId();
        String clientSecret = registered.getClientSecret();

        // 2. Resource-owner password grant, authenticated as the freshly registered client.
        TokenRequest passwordGrant = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        passwordGrant.setUsername(userId);
        passwordGrant.setPassword(userSecret);
        passwordGrant.setScope("openid");
        passwordGrant.setAuthUsername(clientId);
        passwordGrant.setAuthPassword(clientSecret);

        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(passwordGrant);
        TokenResponse tokens = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokens.getStatus(), 200, "Unexpected response code: " + tokens.getStatus());
        assertNotNull(tokens.getEntity(), "The entity is null");
        assertNotNull(tokens.getAccessToken(), "The access token is null");
        assertNotNull(tokens.getTokenType(), "The token type is null");
        assertNotNull(tokens.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokens.getScope(), "The scope is null");
        assertNotNull(tokens.getIdToken(), "The id token is null");

        String idToken = tokens.getIdToken();

        // 3. Unwrap and decrypt the id_token. The wrapping key handed to Jwe.parse is the raw
        //    UTF-8 bytes of client_secret (presumably the same derivation the server applies —
        //    confirm), so the token's confidentiality is only as strong as that secret.
        Jwe decrypted = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));

        // Only presence of the header fields is asserted; they are not compared with the
        // registered alg/enc, so a successful decrypt is what really pins the algorithm here.
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA256CBCPLUSHS512.
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    // Same flow as the A128CBC+HS256 variant, but the client registers RSA1_5 / A256CBC+HS512
    // for its id_token and the decryption key is again the private key stored under keyId.
    try {
        showTitle("requestIdTokenAlgRSA15EncA256CBCPLUSHS512");

        // 1. Dynamic client registration.
        RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registration.setJwksUri(jwksUri);
        // NOTE(review): RSA1_5 (RSAES-PKCS1-v1_5) key wrapping is discouraged in JOSE because
        // PKCS#1 v1.5 decryption is exposed to padding-oracle attacks; RSA-OAEP is the usual
        // replacement. This legacy path is what the (deprecated, disabled) test exercises.
        registration.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
        registration.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
        registration.addCustomAttribute("oxAuthTrustedClient", "true");
        registration.setSectorIdentifierUri(sectorIdentifierUri);
        registration.setGrantTypes(Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));

        RegisterClient registrar = new RegisterClient(registrationEndpoint);
        registrar.setRequest(registration);
        RegisterResponse registered = registrar.exec();
        showClient(registrar);

        assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
        assertNotNull(registered.getClientId());
        assertNotNull(registered.getClientSecret());
        assertNotNull(registered.getRegistrationAccessToken());
        assertNotNull(registered.getClientSecretExpiresAt());

        String clientId = registered.getClientId();
        String clientSecret = registered.getClientSecret();

        // 2. Resource-owner password grant, authenticated as the freshly registered client.
        TokenRequest passwordGrant = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        passwordGrant.setUsername(userId);
        passwordGrant.setPassword(userSecret);
        passwordGrant.setScope("openid");
        passwordGrant.setAuthUsername(clientId);
        passwordGrant.setAuthPassword(clientSecret);

        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(passwordGrant);
        TokenResponse tokens = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokens.getStatus(), 200, "Unexpected response code: " + tokens.getStatus());
        assertNotNull(tokens.getEntity(), "The entity is null");
        assertNotNull(tokens.getAccessToken(), "The access token is null");
        assertNotNull(tokens.getTokenType(), "The token type is null");
        assertNotNull(tokens.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokens.getScope(), "The scope is null");
        assertNotNull(tokens.getIdToken(), "The id token is null");

        String idToken = tokens.getIdToken();

        // 3. Decrypt the id_token with the private key matching keyId.
        OxAuthCryptoProvider keyStore = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        PrivateKey decryptionKey = keyStore.getPrivateKey(keyId);
        Jwe decrypted = Jwe.parse(idToken, decryptionKey, null);

        // Only presence of the header fields is asserted; they are not compared with the
        // registered alg/enc, so a successful decrypt is what really pins the algorithm here.
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(decrypted.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(decrypted.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class RegisterRequest method fromJson.
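/**
 * Builds a {@link RegisterRequest} from the JSON body of a dynamic client registration request.
 *
 * <p>Multi-valued members ({@code redirect_uris}, {@code grant_types}, {@code contacts}, ...) are
 * read from JSON arrays and become empty lists when absent; {@code grant_types} entries the server
 * does not recognise are dropped. Single-valued members are read either with {@code has}/{@code get}
 * (absent becomes {@code null}) or with {@code optString}/{@code optBoolean} (absent becomes
 * {@code ""}/{@code false}), as each line below shows. {@code scope} comes from the {@code scopes}
 * array only when {@code authorizationRequestCustomAllowedParameters} is set, otherwise from the
 * space-separated {@code scope} string.
 *
 * <p>NOTE(review): the body is supplied by the registering client, so every value copied here is
 * untrusted input. This method only copies; validation of redirect URIs, the sector identifier,
 * the software statement, the requested algorithms and so on is not done here and is presumed to
 * happen in the registration service — confirm.
 *
 * @param requestObject parsed registration request body
 * @param authorizationRequestCustomAllowedParameters when {@code true}, honour the {@code scopes}
 *        array in preference to the {@code scope} string
 * @return the populated request; the original {@code requestObject} is kept on it via
 *         {@code setJsonObject}
 * @throws JSONException if a present member has the wrong JSON type (for example a non-array
 *         {@code redirect_uris})
 */
public static RegisterRequest fromJson(JSONObject requestObject, boolean authorizationRequestCustomAllowedParameters) throws JSONException {
    final List<String> redirectUris = readStringArray(requestObject, REDIRECT_URIS.toString());
    final List<String> claimRedirectUris = readStringArray(requestObject, CLAIMS_REDIRECT_URIS.toString());
    final List<String> contacts = readStringArray(requestObject, CONTACTS.toString());
    final List<String> defaultAcrValues = readStringArray(requestObject, DEFAULT_ACR_VALUES.toString());
    final List<String> postLogoutRedirectUris = readStringArray(requestObject, POST_LOGOUT_REDIRECT_URIS.toString());
    final List<String> requestUris = readStringArray(requestObject, REQUEST_URIS.toString());
    final List<String> authorizedOrigins = readStringArray(requestObject, AUTHORIZED_ORIGINS.toString());

    // Sets de-duplicate repeated entries; they are turned back into lists further down.
    final Set<String> responseTypes = new HashSet<String>(readStringArray(requestObject, RESPONSE_TYPES.toString()));
    final Set<GrantType> grantTypes = new HashSet<GrantType>();
    for (String grantTypeName : readStringArray(requestObject, GRANT_TYPES.toString())) {
        GrantType grantType = GrantType.fromString(grantTypeName);
        if (grantType != null) { // unknown grant types are silently ignored
            grantTypes.add(grantType);
        }
    }

    // "scopes" (array) is only honoured when custom parameters are allowed; otherwise the
    // standard space-separated "scope" string is used.
    final List<String> scope;
    if (authorizationRequestCustomAllowedParameters && requestObject.has(SCOPES.toString())) {
        scope = readStringArray(requestObject, SCOPES.toString());
    } else if (requestObject.has(SCOPE.toString())) {
        scope = splitSpaceSeparated(requestObject.getString(SCOPE.toString()));
    } else {
        scope = new ArrayList<String>();
    }

    final List<String> claims = requestObject.has(CLAIMS.toString())
            ? splitSpaceSeparated(requestObject.getString(CLAIMS.toString()))
            : new ArrayList<String>();

    final RegisterRequest result = new RegisterRequest();
    // Generic, annotation-driven mapping first (not shown here); the explicit setters below
    // then assign the members this method parses itself.
    JsonApplier.getInstance().apply(requestObject, result);
    result.setJsonObject(requestObject);
    result.setRequestUris(requestUris);
    result.setAuthorizedOrigins(authorizedOrigins);
    result.setClaimsRedirectUris(claimRedirectUris);
    result.setInitiateLoginUri(requestObject.optString(INITIATE_LOGIN_URI.toString()));
    result.setPostLogoutRedirectUris(postLogoutRedirectUris);
    result.setDefaultAcrValues(defaultAcrValues);
    result.setRequireAuthTime(requestObject.has(REQUIRE_AUTH_TIME.toString()) && requestObject.getBoolean(REQUIRE_AUTH_TIME.toString()));
    result.setFrontChannelLogoutUris(extractList(requestObject, FRONT_CHANNEL_LOGOUT_URI.toString()));
    result.setFrontChannelLogoutSessionRequired(requestObject.optBoolean(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    result.setBackchannelLogoutUris(extractList(requestObject, BACKCHANNEL_LOGOUT_URI.toString()));
    result.setBackchannelLogoutSessionRequired(requestObject.optBoolean(BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    result.setAccessTokenLifetime(requestObject.has(ACCESS_TOKEN_LIFETIME.toString()) ? requestObject.getInt(ACCESS_TOKEN_LIFETIME.toString()) : null);
    result.setDefaultMaxAge(requestObject.has(DEFAULT_MAX_AGE.toString()) ? requestObject.getInt(DEFAULT_MAX_AGE.toString()) : null);
    result.setTlsClientAuthSubjectDn(requestObject.optString(TLS_CLIENT_AUTH_SUBJECT_DN.toString()));
    result.setAllowSpontaneousScopes(requestObject.optBoolean(ALLOW_SPONTANEOUS_SCOPES.toString()));
    result.setSpontaneousScopes(ClientUtil.extractListByKey(requestObject, SPONTANEOUS_SCOPES.toString()));
    result.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(requestObject.optBoolean(RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString()));
    result.setKeepClientAuthorizationAfterExpiration(requestObject.optBoolean(KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString()));
    result.setRptAsJwt(requestObject.optBoolean(RPT_AS_JWT.toString()));
    result.setAccessTokenAsJwt(requestObject.optBoolean(ACCESS_TOKEN_AS_JWT.toString()));
    // Unlike the other algorithm members this one uses optString, so an absent value is passed
    // to fromString as "" rather than being mapped to null directly.
    result.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(requestObject.optString(ACCESS_TOKEN_SIGNING_ALG.toString())));
    result.setIdTokenSignedResponseAlg(requestObject.has(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())) : null);
    result.setIdTokenEncryptedResponseAlg(requestObject.has(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())) : null);
    result.setIdTokenEncryptedResponseEnc(requestObject.has(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())) : null);
    result.setUserInfoSignedResponseAlg(requestObject.has(USERINFO_SIGNED_RESPONSE_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(USERINFO_SIGNED_RESPONSE_ALG.toString())) : null);
    result.setUserInfoEncryptedResponseAlg(requestObject.has(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())) : null);
    result.setUserInfoEncryptedResponseEnc(requestObject.has(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())) : null);
    result.setRequestObjectSigningAlg(requestObject.has(REQUEST_OBJECT_SIGNING_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(REQUEST_OBJECT_SIGNING_ALG.toString())) : null);
    result.setRequestObjectEncryptionAlg(requestObject.has(REQUEST_OBJECT_ENCRYPTION_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(REQUEST_OBJECT_ENCRYPTION_ALG.toString())) : null);
    result.setRequestObjectEncryptionEnc(requestObject.has(REQUEST_OBJECT_ENCRYPTION_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(REQUEST_OBJECT_ENCRYPTION_ENC.toString())) : null);
    result.setTokenEndpointAuthMethod(requestObject.has(TOKEN_ENDPOINT_AUTH_METHOD.toString()) ? AuthenticationMethod.fromString(requestObject.getString(TOKEN_ENDPOINT_AUTH_METHOD.toString())) : null);
    result.setTokenEndpointAuthSigningAlg(requestObject.has(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())) : null);
    result.setRedirectUris(redirectUris);
    // Both setters receive the same list instance, as before.
    result.setScopes(scope);
    result.setScope(scope);
    result.setClaims(claims);
    result.setResponseTypes_(new ArrayList<String>(responseTypes));
    result.setGrantTypes(new ArrayList<GrantType>(grantTypes));
    result.setApplicationType(requestObject.has(APPLICATION_TYPE.toString()) ? ApplicationType.fromString(requestObject.getString(APPLICATION_TYPE.toString())) : ApplicationType.WEB);
    result.setContacts(contacts);
    result.setClientName(requestObject.optString(CLIENT_NAME.toString()));
    result.setIdTokenTokenBindingCnf(requestObject.optString(ID_TOKEN_TOKEN_BINDING_CNF.toString(), ""));
    result.setLogoUri(requestObject.optString(LOGO_URI.toString()));
    result.setClientUri(requestObject.optString(CLIENT_URI.toString()));
    result.setPolicyUri(requestObject.optString(POLICY_URI.toString()));
    result.setTosUri(requestObject.optString(TOS_URI.toString()));
    result.setJwksUri(requestObject.optString(JWKS_URI.toString()));
    result.setJwks(requestObject.optString(JWKS.toString()));
    result.setSectorIdentifierUri(requestObject.optString(SECTOR_IDENTIFIER_URI.toString()));
    result.setSubjectType(requestObject.has(SUBJECT_TYPE.toString()) ? SubjectType.fromString(requestObject.getString(SUBJECT_TYPE.toString())) : null);
    result.setSoftwareId(requestObject.optString(SOFTWARE_ID.toString()));
    result.setSoftwareVersion(requestObject.optString(SOFTWARE_VERSION.toString()));
    // The software statement is copied as an opaque string; no signature check happens here.
    result.setSoftwareStatement(requestObject.optString(SOFTWARE_STATEMENT.toString()));
    result.setBackchannelTokenDeliveryMode(requestObject.has(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()) ? BackchannelTokenDeliveryMode.fromString(requestObject.getString(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString())) : null);
    result.setBackchannelClientNotificationEndpoint(requestObject.optString(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    result.setBackchannelAuthenticationRequestSigningAlg(requestObject.has(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()) ? AsymmetricSignatureAlgorithm.fromString(requestObject.getString(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString())) : null);
    result.setBackchannelUserCodeParameter(requestObject.has(BACKCHANNEL_USER_CODE_PARAMETER.toString()) ? requestObject.getBoolean(BACKCHANNEL_USER_CODE_PARAMETER.toString()) : null);
    return result;
}

/**
 * Reads the JSON array stored under {@code key} as a list of strings, in array order.
 * Only a JSON array is accepted here (a bare string value is not tolerated), which is the
 * behaviour the inline loops this replaces had.
 *
 * @param source object to read from
 * @param key    member name
 * @return a new mutable list of the elements; empty when {@code key} is absent
 * @throws JSONException if {@code key} is present but does not hold an array
 */
private static List<String> readStringArray(JSONObject source, String key) throws JSONException {
    final List<String> values = new ArrayList<String>();
    if (source.has(key)) {
        JSONArray array = source.getJSONArray(key);
        for (int i = 0; i < array.length(); i++) {
            values.add(array.getString(i));
        }
    }
    return values;
}

/**
 * Splits a space-separated member value into its non-blank tokens. A single space is the only
 * separator; runs of spaces just produce blank tokens, which are skipped.
 *
 * @param value the raw member value
 * @return a new mutable list of tokens; empty for a blank input
 */
private static List<String> splitSpaceSeparated(String value) {
    final List<String> tokens = new ArrayList<String>();
    for (String token : value.split(" ")) {
        if (StringUtils.isNotBlank(token)) {
            tokens.add(token);
        }
    }
    return tokens;
}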
use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.
the class AcceptValidAsymmetricIdTokenSignature method acceptValidAsymmetricIdTokenSignatureES256.
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "postLogoutRedirectUri", "clientJwksUri" })
@Test
public void acceptValidAsymmetricIdTokenSignatureES256(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String postLogoutRedirectUri, final String clientJwksUri) throws Exception {
    // Registers a client that asks for ES256-signed id_tokens, runs the code+id_token flow and
    // verifies the id_token signature with the key published in the server's JWK set.
    showTitle("OC5:FeatureTest-Accept Valid Asymmetric ID Token Signature es256");

    List<ResponseType> hybridResponseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);

    // 1. Registration.
    RegisterRequest registration = new RegisterRequest(ApplicationType.WEB, null, StringUtils.spaceSeparatedToList(redirectUris));
    registration.setResponseTypes(hybridResponseTypes);
    registration.setIdTokenSignedResponseAlg(SignatureAlgorithm.ES256);
    registration.setPostLogoutRedirectUris(StringUtils.spaceSeparatedToList(postLogoutRedirectUri));
    registration.setJwksUri(clientJwksUri);
    registration.setSubjectType(SubjectType.PUBLIC);
    registration.setRequireAuthTime(true);
    registration.setDefaultMaxAge(3600);
    registration.setGrantTypes(Arrays.asList(GrantType.AUTHORIZATION_CODE));

    RegisterClient registrar = new RegisterClient(registrationEndpoint);
    registrar.setRequest(registration);
    RegisterResponse registered = registrar.exec();
    showClient(registrar);

    assertEquals(registered.getStatus(), 200, "Unexpected response code: " + registered.getEntity());
    assertNotNull(registered.getClientId());
    assertNotNull(registered.getClientSecret());
    assertNotNull(registered.getRegistrationAccessToken());
    assertNotNull(registered.getClientSecretExpiresAt());

    String clientId = registered.getClientId();

    // 2. Authorization request with a fresh nonce and state; the user logs in and grants access.
    //    Note that only state is asserted on the response; the id_token's nonce claim is not
    //    checked by this test.
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorization = new AuthorizationRequest(hybridResponseTypes, clientId, Arrays.asList("openid", "profile", "address", "email"), redirectUri, nonce);
    authorization.setState(state);

    AuthorizationResponse granted = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorization, userId, userSecret);

    assertNotNull(granted.getLocation());
    assertNotNull(granted.getIdToken());
    assertNotNull(granted.getState());
    assertEquals(granted.getState(), state);

    // 3. Signature check. The verification key is looked up by the token's kid header in the
    //    key set at jwksUri (the test-suite field, presumably the OP's keys — not the
    //    clientJwksUri parameter), while the algorithm is pinned to ES256 by the test rather
    //    than taken from the token header.
    Jwt idToken = Jwt.parse(granted.getIdToken());
    ECDSAPublicKey verificationKey = JwkClient.getECDSAPublicKey(jwksUri, idToken.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    ECDSASigner verifier = new ECDSASigner(SignatureAlgorithm.ES256, verificationKey);
    assertTrue(verifier.validate(idToken));
}