
Example 21 with GrantType

use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.

the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA128CBCPLUSHS256.

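/**
 * Registers a client whose ID tokens must be encrypted with {@code RSA1_5} / {@code A128CBC+HS256},
 * obtains an ID token through the resource-owner-password grant, decrypts it with the private key
 * {@code keyId} taken from the test key store, and checks that the JOSE header names exactly the
 * algorithms the client registered and that the standard claims are present.
 * <p>
 * The test is {@code @Deprecated} and not enabled (the {@code @Test} annotation is commented out);
 * it needs {@code openidScopeBackwardCompatibility} enabled on the server.
 *
 * @param userId              resource owner user name sent in the password grant
 * @param userSecret          resource owner password sent in the password grant
 * @param redirectUris        space-separated redirect URIs registered for the client
 * @param jwksUri             client JWKS URI registered so the server can find the encryption key
 * @param keyId               key id of the RSA private key used to decrypt the ID token
 * @param keyStoreFile        key store holding that private key
 * @param keyStoreSecret      key store password
 * @param sectorIdentifierUri sector identifier URI registered for the client
 */
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    try {
        showTitle("requestIdTokenAlgRSA15EncA128CBCPLUSHS256");
        // The pair registered below is the pair the decrypted token's header must announce.
        final KeyEncryptionAlgorithm expectedAlg = KeyEncryptionAlgorithm.RSA1_5;
        final BlockEncryptionAlgorithm expectedEnc = BlockEncryptionAlgorithm.A128CBC_PLUS_HS256;
        final List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);

        // 1. Dynamic Client Registration
        final RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setJwksUri(jwksUri);
        registerRequest.setIdTokenEncryptedResponseAlg(expectedAlg);
        registerRequest.setIdTokenEncryptedResponseEnc(expectedEnc);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        registerRequest.setGrantTypes(grantTypes);

        final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        final RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);

        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientSecretExpiresAt());

        final String clientId = registerResponse.getClientId();
        final String clientSecret = registerResponse.getClientSecret();

        // 2. Request authorization (password grant, client authenticates with its new credentials)
        final TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(userId);
        tokenRequest.setPassword(userSecret);
        tokenRequest.setScope("openid");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);

        final TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        final TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
        assertNotNull(tokenResponse.getTokenType(), "The token type is null");
        assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokenResponse.getScope(), "The scope is null");
        assertNotNull(tokenResponse.getIdToken(), "The id token is null");

        final String idToken = tokenResponse.getIdToken();

        // 3. Read Encrypted ID Token
        final OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        final PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
        final Jwe jwe = Jwe.parse(idToken, privateKey, null);

        // The server must honour the registered alg/enc pair rather than fall back to another one,
        // so check the protected header before looking at the claims.
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM), expectedAlg.getName(), "Unexpected JWE alg header");
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD), expectedEnc.getName(), "Unexpected JWE enc header");
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        // Checked exceptions (key store / JWE parsing) are turned into a test failure that keeps the cause.
        fail(ex.getMessage(), ex);
    }
}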

Example 22 with GrantType

use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.

the class TokenEncryptionHttpTest method requestIdTokenAlgA128KWEncA128GCM.

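/**
 * Registers a client whose ID tokens must be encrypted with {@code A128KW} / {@code A128GCM},
 * obtains an ID token through the resource-owner-password grant, decrypts it with the client
 * secret (symmetric key wrap, so no key store is involved), and checks that the JOSE header names
 * exactly the algorithms the client registered and that the standard claims are present.
 * <p>
 * The test is {@code @Deprecated} and not enabled (the {@code @Test} annotation is commented out);
 * it needs {@code openidScopeBackwardCompatibility} enabled on the server.
 *
 * @param userId              resource owner user name sent in the password grant
 * @param userSecret          resource owner password sent in the password grant
 * @param redirectUris        space-separated redirect URIs registered for the client
 * @param sectorIdentifierUri sector identifier URI registered for the client
 */
@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
    try {
        showTitle("requestIdTokenAlgA128KWEncA128GCM");
        // The pair registered below is the pair the decrypted token's header must announce.
        final KeyEncryptionAlgorithm expectedAlg = KeyEncryptionAlgorithm.A128KW;
        final BlockEncryptionAlgorithm expectedEnc = BlockEncryptionAlgorithm.A128GCM;
        final List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);

        // 1. Dynamic Client Registration
        final RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setIdTokenEncryptedResponseAlg(expectedAlg);
        registerRequest.setIdTokenEncryptedResponseEnc(expectedEnc);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        registerRequest.setGrantTypes(grantTypes);

        final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        final RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);

        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientSecretExpiresAt());

        final String clientId = registerResponse.getClientId();
        final String clientSecret = registerResponse.getClientSecret();

        // 2. Request authorization (password grant, client authenticates with its new credentials)
        final TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(userId);
        tokenRequest.setPassword(userSecret);
        tokenRequest.setScope("openid");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);

        final TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        final TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
        assertNotNull(tokenResponse.getTokenType(), "The token type is null");
        assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokenResponse.getScope(), "The scope is null");
        assertNotNull(tokenResponse.getIdToken(), "The id token is null");

        final String idToken = tokenResponse.getIdToken();

        // 3. Read Encrypted ID Token — with A128KW the wrapping key is derived from the client secret,
        // so the secret bytes are passed instead of a private key.
        final Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));

        // The server must honour the registered alg/enc pair rather than fall back to another one,
        // so check the protected header before looking at the claims.
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM), expectedAlg.getName(), "Unexpected JWE alg header");
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD), expectedEnc.getName(), "Unexpected JWE enc header");
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        // Checked exceptions (encoding / JWE parsing) are turned into a test failure that keeps the cause.
        fail(ex.getMessage(), ex);
    }
}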

Example 23 with GrantType

use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.

the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA256CBCPLUSHS512.

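/**
 * Registers a client whose ID tokens must be encrypted with {@code RSA1_5} / {@code A256CBC+HS512},
 * obtains an ID token through the resource-owner-password grant, decrypts it with the private key
 * {@code keyId} taken from the test key store, and checks that the JOSE header names exactly the
 * algorithms the client registered and that the standard claims are present.
 * <p>
 * The test is {@code @Deprecated} and not enabled (the {@code @Test} annotation is commented out);
 * it needs {@code openidScopeBackwardCompatibility} enabled on the server.
 *
 * @param userId              resource owner user name sent in the password grant
 * @param userSecret          resource owner password sent in the password grant
 * @param redirectUris        space-separated redirect URIs registered for the client
 * @param jwksUri             client JWKS URI registered so the server can find the encryption key
 * @param keyId               key id of the RSA private key used to decrypt the ID token
 * @param keyStoreFile        key store holding that private key
 * @param keyStoreSecret      key store password
 * @param sectorIdentifierUri sector identifier URI registered for the client
 */
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// @Test // Before run this test, set openidScopeBackwardCompatibility to true
@Deprecated
public void requestIdTokenAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    try {
        showTitle("requestIdTokenAlgRSA15EncA256CBCPLUSHS512");
        // The pair registered below is the pair the decrypted token's header must announce.
        final KeyEncryptionAlgorithm expectedAlg = KeyEncryptionAlgorithm.RSA1_5;
        final BlockEncryptionAlgorithm expectedEnc = BlockEncryptionAlgorithm.A256CBC_PLUS_HS512;
        final List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);

        // 1. Dynamic Client Registration
        final RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setJwksUri(jwksUri);
        registerRequest.setIdTokenEncryptedResponseAlg(expectedAlg);
        registerRequest.setIdTokenEncryptedResponseEnc(expectedEnc);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        registerRequest.setGrantTypes(grantTypes);

        final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        final RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);

        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientSecretExpiresAt());

        final String clientId = registerResponse.getClientId();
        final String clientSecret = registerResponse.getClientSecret();

        // 2. Request authorization (password grant, client authenticates with its new credentials)
        final TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(userId);
        tokenRequest.setPassword(userSecret);
        tokenRequest.setScope("openid");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);

        final TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        final TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);

        assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
        assertNotNull(tokenResponse.getTokenType(), "The token type is null");
        assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokenResponse.getScope(), "The scope is null");
        assertNotNull(tokenResponse.getIdToken(), "The id token is null");

        final String idToken = tokenResponse.getIdToken();

        // 3. Read Encrypted ID Token
        final OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        final PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
        final Jwe jwe = Jwe.parse(idToken, privateKey, null);

        // The server must honour the registered alg/enc pair rather than fall back to another one,
        // so check the protected header before looking at the claims.
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM), expectedAlg.getName(), "Unexpected JWE alg header");
        assertEquals(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD), expectedEnc.getName(), "Unexpected JWE enc header");
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        // Checked exceptions (key store / JWE parsing) are turned into a test failure that keeps the cause.
        fail(ex.getMessage(), ex);
    }
}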

Example 24 with GrantType

use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.

the class RegisterRequest method fromJson.

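/**
 * Builds a {@link RegisterRequest} from the JSON body of a dynamic client registration request.
 * <p>
 * The body is supplied by the registering client, so every field is read defensively: an absent
 * field leaves the matching property empty or {@code null}, unknown {@code grant_types} values are
 * dropped ({@link GrantType#fromString} returns {@code null} for them), and a present field whose
 * JSON type does not match what is read (for example a non-numeric {@code access_token_lifetime},
 * or a string where an array is expected) makes org.json throw a {@link JSONException}, which is
 * propagated to the caller. {@code response_types} and {@code grant_types} are de-duplicated while
 * keeping the order the client sent them in.
 *
 * @param requestObject                               parsed registration request body
 * @param authorizationRequestCustomAllowedParameters when {@code true}, a {@code scopes} JSON array in
 *                                                    the request is used instead of the space-separated
 *                                                    {@code scope} string
 * @return the populated request; list-valued properties are never {@code null}
 * @throws JSONException if a present field cannot be read with the expected JSON type
 */
public static RegisterRequest fromJson(JSONObject requestObject, boolean authorizationRequestCustomAllowedParameters) throws JSONException {
    final List<String> redirectUris = jsonStringList(requestObject, REDIRECT_URIS.toString());
    final List<String> claimRedirectUris = jsonStringList(requestObject, CLAIMS_REDIRECT_URIS.toString());

    // LinkedHashSet de-duplicates but keeps request order; a HashSet would hand callers an
    // unspecified order for these lists. Fully qualified so no new import is needed here.
    final Set<String> responseTypes = new java.util.LinkedHashSet<String>(jsonStringList(requestObject, RESPONSE_TYPES.toString()));

    final Set<GrantType> grantTypes = new java.util.LinkedHashSet<GrantType>();
    for (String grantTypeName : jsonStringList(requestObject, GRANT_TYPES.toString())) {
        GrantType grantType = GrantType.fromString(grantTypeName);
        // Unknown grant type strings are silently ignored rather than rejected.
        if (grantType != null) {
            grantTypes.add(grantType);
        }
    }

    final List<String> contacts = jsonStringList(requestObject, CONTACTS.toString());
    final List<String> defaultAcrValues = jsonStringList(requestObject, DEFAULT_ACR_VALUES.toString());
    final List<String> postLogoutRedirectUris = jsonStringList(requestObject, POST_LOGOUT_REDIRECT_URIS.toString());
    final List<String> requestUris = jsonStringList(requestObject, REQUEST_URIS.toString());
    final List<String> authorizedOrigins = jsonStringList(requestObject, AUTHORIZED_ORIGINS.toString());

    // "scopes" (JSON array) is only honoured when custom parameters are allowed; otherwise the
    // standard space-separated "scope" string is used.
    final List<String> scope;
    if (authorizationRequestCustomAllowedParameters && requestObject.has(SCOPES.toString())) {
        scope = jsonStringList(requestObject, SCOPES.toString());
    } else if (requestObject.has(SCOPE.toString())) {
        scope = spaceSeparatedValues(requestObject.getString(SCOPE.toString()));
    } else {
        scope = new ArrayList<String>();
    }

    final List<String> claims = requestObject.has(CLAIMS.toString())
            ? spaceSeparatedValues(requestObject.getString(CLAIMS.toString()))
            : new ArrayList<String>();

    final RegisterRequest result = new RegisterRequest();
    JsonApplier.getInstance().apply(requestObject, result);
    result.setJsonObject(requestObject);
    result.setRequestUris(requestUris);
    result.setAuthorizedOrigins(authorizedOrigins);
    result.setClaimsRedirectUris(claimRedirectUris);
    result.setInitiateLoginUri(requestObject.optString(INITIATE_LOGIN_URI.toString()));
    result.setPostLogoutRedirectUris(postLogoutRedirectUris);
    result.setDefaultAcrValues(defaultAcrValues);
    result.setRequireAuthTime(requestObject.has(REQUIRE_AUTH_TIME.toString()) && requestObject.getBoolean(REQUIRE_AUTH_TIME.toString()));
    result.setFrontChannelLogoutUris(extractList(requestObject, FRONT_CHANNEL_LOGOUT_URI.toString()));
    result.setFrontChannelLogoutSessionRequired(requestObject.optBoolean(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    result.setBackchannelLogoutUris(extractList(requestObject, BACKCHANNEL_LOGOUT_URI.toString()));
    result.setBackchannelLogoutSessionRequired(requestObject.optBoolean(BACKCHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    // Numeric fields: present but non-numeric values raise JSONException from getInt.
    result.setAccessTokenLifetime(requestObject.has(ACCESS_TOKEN_LIFETIME.toString()) ? requestObject.getInt(ACCESS_TOKEN_LIFETIME.toString()) : null);
    result.setDefaultMaxAge(requestObject.has(DEFAULT_MAX_AGE.toString()) ? requestObject.getInt(DEFAULT_MAX_AGE.toString()) : null);
    result.setTlsClientAuthSubjectDn(requestObject.optString(TLS_CLIENT_AUTH_SUBJECT_DN.toString()));
    result.setAllowSpontaneousScopes(requestObject.optBoolean(ALLOW_SPONTANEOUS_SCOPES.toString()));
    result.setSpontaneousScopes(ClientUtil.extractListByKey(requestObject, SPONTANEOUS_SCOPES.toString()));
    result.setRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims(requestObject.optBoolean(RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS.toString()));
    result.setKeepClientAuthorizationAfterExpiration(requestObject.optBoolean(KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION.toString()));
    result.setRptAsJwt(requestObject.optBoolean(RPT_AS_JWT.toString()));
    result.setAccessTokenAsJwt(requestObject.optBoolean(ACCESS_TOKEN_AS_JWT.toString()));
    // Algorithm names are mapped through the enums' fromString/fromName; what those return for an
    // unrecognised name is up to the enum (not visible here), so the property may end up null.
    result.setAccessTokenSigningAlg(SignatureAlgorithm.fromString(requestObject.optString(ACCESS_TOKEN_SIGNING_ALG.toString())));
    result.setIdTokenSignedResponseAlg(requestObject.has(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())) : null);
    result.setIdTokenEncryptedResponseAlg(requestObject.has(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())) : null);
    result.setIdTokenEncryptedResponseEnc(requestObject.has(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())) : null);
    result.setUserInfoSignedResponseAlg(requestObject.has(USERINFO_SIGNED_RESPONSE_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(USERINFO_SIGNED_RESPONSE_ALG.toString())) : null);
    result.setUserInfoEncryptedResponseAlg(requestObject.has(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())) : null);
    result.setUserInfoEncryptedResponseEnc(requestObject.has(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())) : null);
    result.setRequestObjectSigningAlg(requestObject.has(REQUEST_OBJECT_SIGNING_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(REQUEST_OBJECT_SIGNING_ALG.toString())) : null);
    result.setRequestObjectEncryptionAlg(requestObject.has(REQUEST_OBJECT_ENCRYPTION_ALG.toString()) ? KeyEncryptionAlgorithm.fromName(requestObject.getString(REQUEST_OBJECT_ENCRYPTION_ALG.toString())) : null);
    result.setRequestObjectEncryptionEnc(requestObject.has(REQUEST_OBJECT_ENCRYPTION_ENC.toString()) ? BlockEncryptionAlgorithm.fromName(requestObject.getString(REQUEST_OBJECT_ENCRYPTION_ENC.toString())) : null);
    result.setTokenEndpointAuthMethod(requestObject.has(TOKEN_ENDPOINT_AUTH_METHOD.toString()) ? AuthenticationMethod.fromString(requestObject.getString(TOKEN_ENDPOINT_AUTH_METHOD.toString())) : null);
    result.setTokenEndpointAuthSigningAlg(requestObject.has(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()) ? SignatureAlgorithm.fromString(requestObject.getString(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())) : null);
    result.setRedirectUris(redirectUris);
    // Both properties deliberately receive the same list instance, as the original code did.
    result.setScopes(scope);
    result.setScope(scope);
    result.setClaims(claims);
    result.setResponseTypes_(new ArrayList<String>(responseTypes));
    result.setGrantTypes(new ArrayList<GrantType>(grantTypes));
    result.setApplicationType(requestObject.has(APPLICATION_TYPE.toString()) ? ApplicationType.fromString(requestObject.getString(APPLICATION_TYPE.toString())) : ApplicationType.WEB);
    result.setContacts(contacts);
    result.setClientName(requestObject.optString(CLIENT_NAME.toString()));
    result.setIdTokenTokenBindingCnf(requestObject.optString(ID_TOKEN_TOKEN_BINDING_CNF.toString(), ""));
    result.setLogoUri(requestObject.optString(LOGO_URI.toString()));
    result.setClientUri(requestObject.optString(CLIENT_URI.toString()));
    result.setPolicyUri(requestObject.optString(POLICY_URI.toString()));
    result.setTosUri(requestObject.optString(TOS_URI.toString()));
    result.setJwksUri(requestObject.optString(JWKS_URI.toString()));
    result.setJwks(requestObject.optString(JWKS.toString()));
    result.setSectorIdentifierUri(requestObject.optString(SECTOR_IDENTIFIER_URI.toString()));
    result.setSubjectType(requestObject.has(SUBJECT_TYPE.toString()) ? SubjectType.fromString(requestObject.getString(SUBJECT_TYPE.toString())) : null);
    result.setSoftwareId(requestObject.optString(SOFTWARE_ID.toString()));
    result.setSoftwareVersion(requestObject.optString(SOFTWARE_VERSION.toString()));
    result.setSoftwareStatement(requestObject.optString(SOFTWARE_STATEMENT.toString()));
    result.setBackchannelTokenDeliveryMode(requestObject.has(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString()) ? BackchannelTokenDeliveryMode.fromString(requestObject.getString(BACKCHANNEL_TOKEN_DELIVERY_MODE.toString())) : null);
    result.setBackchannelClientNotificationEndpoint(requestObject.optString(BACKCHANNEL_CLIENT_NOTIFICATION_ENDPOINT.toString()));
    result.setBackchannelAuthenticationRequestSigningAlg(requestObject.has(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString()) ? AsymmetricSignatureAlgorithm.fromString(requestObject.getString(BACKCHANNEL_AUTHENTICATION_REQUEST_SIGNING_ALG.toString())) : null);
    result.setBackchannelUserCodeParameter(requestObject.has(BACKCHANNEL_USER_CODE_PARAMETER.toString()) ? requestObject.getBoolean(BACKCHANNEL_USER_CODE_PARAMETER.toString()) : null);
    return result;
}

/**
 * Reads {@code key} from {@code requestObject} as a JSON array of strings.
 *
 * @param requestObject registration request body
 * @param key           member name to read
 * @return a new mutable list with the array's elements in order; empty when the key is absent
 * @throws JSONException if the member is present but is not an array of strings
 */
private static List<String> jsonStringList(JSONObject requestObject, String key) throws JSONException {
    final List<String> values = new ArrayList<String>();
    if (requestObject.has(key)) {
        JSONArray array = requestObject.getJSONArray(key);
        for (int i = 0; i < array.length(); i++) {
            values.add(array.getString(i));
        }
    }
    return values;
}

/**
 * Splits a space-separated value ({@code scope} / {@code claims} style) into its non-blank tokens.
 *
 * @param value the raw string; split on single spaces, blank tokens are skipped
 * @return a new mutable list of tokens in order
 */
private static List<String> spaceSeparatedValues(String value) {
    final List<String> tokens = new ArrayList<String>();
    for (String token : value.split(" ")) {
        if (StringUtils.isNotBlank(token)) {
            tokens.add(token);
        }
    }
    return tokens;
}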

Example 25 with GrantType

use of org.gluu.oxauth.model.common.GrantType in project oxAuth by GluuFederation.

the class AcceptValidAsymmetricIdTokenSignature method acceptValidAsymmetricIdTokenSignatureES256.

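/**
 * Registers a client that asks for {@code ES256}-signed ID tokens, runs the code + id_token
 * authorization flow for the resource owner, and verifies the returned ID token: the header must
 * announce the registered algorithm, the token must echo the request nonce, and the signature must
 * validate against the server's published ECDSA key.
 *
 * @param redirectUris          space-separated redirect URIs registered for the client
 * @param userId                resource owner user name used to authenticate at the authorization endpoint
 * @param userSecret            resource owner password
 * @param redirectUri           redirect URI used in the authorization request
 * @param postLogoutRedirectUri post-logout redirect URI registered for the client
 * @param clientJwksUri         the client's JWKS URI, registered as {@code jwks_uri}
 * @throws Exception propagated from the client calls and token parsing
 */
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "postLogoutRedirectUri", "clientJwksUri" })
@Test
public void acceptValidAsymmetricIdTokenSignatureES256(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String postLogoutRedirectUri, final String clientJwksUri) throws Exception {
    showTitle("OC5:FeatureTest-Accept Valid Asymmetric ID Token Signature es256");

    final SignatureAlgorithm expectedAlg = SignatureAlgorithm.ES256;
    final List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    final List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE);

    // 1. Registration
    final RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, null, StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(expectedAlg);
    registerRequest.setPostLogoutRedirectUris(StringUtils.spaceSeparatedToList(postLogoutRedirectUri));
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSubjectType(SubjectType.PUBLIC);
    registerRequest.setRequireAuthTime(true);
    registerRequest.setDefaultMaxAge(3600);
    registerRequest.setGrantTypes(grantTypes);

    final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    final RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);

    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    final String clientId = registerResponse.getClientId();

    // 2. Request Authorization
    final List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    final String nonce = UUID.randomUUID().toString();
    final String state = UUID.randomUUID().toString();

    final AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    final AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getIdToken());
    assertNotNull(authorizationResponse.getState());
    assertEquals(authorizationResponse.getState(), state);

    final String idToken = authorizationResponse.getIdToken();

    // 3. Validate id_token
    final Jwt jwt = Jwt.parse(idToken);
    // Pin the header to the registered algorithm so the verifier below is never asked to accept a
    // token that announces something else.
    assertEquals(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM), expectedAlg.getName(), "Unexpected id_token alg header");
    // The id_token must carry the nonce from the authorization request, binding it to this flow.
    assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce, "id_token nonce does not match the authorization request");

    // jwksUri is not a parameter here; it is presumably the server's jwks_uri inherited from the
    // base test class (the registered clientJwksUri is the client's own key set) — verify against BaseTest.
    final String keyId = jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);
    final ECDSAPublicKey publicKey = JwkClient.getECDSAPublicKey(jwksUri, keyId);
    assertNotNull(publicKey, "No ECDSA public key found in jwks_uri for kid " + keyId);

    final ECDSASigner ecdsaSigner = new ECDSASigner(expectedAlg, publicKey);
    assertTrue(ecdsaSigner.validate(jwt), "id_token signature did not validate with ES256");
}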
