
Example 66 with RSASigner

use of org.gluu.oxauth.model.jws.RSASigner in project oxAuth by GluuFederation.

the class TokenRevocationTest method requestTokenRevocation2.

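/**
 * Revokes an access token with an explicit {@code access_token} type hint and verifies that the
 * server stops honouring the whole grant: the userinfo endpoint must answer 401 for the revoked
 * access token, and the refresh token issued alongside it must be rejected with 400.
 *
 * @param userId              resource owner login used in the authorization request
 * @param userSecret          resource owner password used in the authorization request
 * @param redirectUris        redirect URIs registered for the test client
 * @param redirectUri         redirect URI sent in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI registered for the test client
 * @throws Exception if any client call fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestTokenRevocation2(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestTokenRevocation2");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    // 1. Register client
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    // A fresh nonce per run; it must come back unchanged inside the id_token (checked in step 4).
    String nonce = UUID.randomUUID().toString();
    AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    String idToken = authorizationResponse.getIdToken();
    // 3. Request access token using the authorization code.
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
    assertNotNull(tokenResponse1.getEntity(), "The entity is null");
    assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
    String accessToken = tokenResponse1.getAccessToken();
    String refreshToken = tokenResponse1.getRefreshToken();
    // 4. Validate id_token: required claims present, nonce bound to this request, and the
    //    signature verified against the JWKS key selected by the header's kid.
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce, "The id_token nonce does not match the nonce sent in the authorization request");
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    // The verification algorithm is pinned to RS256 here rather than taken from the token header.
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    // 5. Request user info
    UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken);
    showClient(userInfoClient1);
    assertEquals(userInfoResponse1.getStatus(), 200, "Unexpected response code: " + userInfoResponse1.getStatus());
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PICTURE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.USER_NAME));
    // Claims outside the requested scopes must not leak into the response.
    assertNull(userInfoResponse1.getClaim("org_name"));
    assertNull(userInfoResponse1.getClaim("work_phone"));
    // 6. Request access token revocation (client authenticates with its own credentials)
    TokenRevocationRequest tokenRevocationRequest2 = new TokenRevocationRequest();
    tokenRevocationRequest2.setToken(accessToken);
    tokenRevocationRequest2.setTokenTypeHint(TokenTypeHint.ACCESS_TOKEN);
    tokenRevocationRequest2.setAuthUsername(clientId);
    tokenRevocationRequest2.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient2 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient2.setRequest(tokenRevocationRequest2);
    TokenRevocationResponse tokenRevocationResponse2 = tokenRevocationClient2.exec();
    showClient(tokenRevocationClient2);
    assertEquals(tokenRevocationResponse2.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse2.getStatus());
    // 7. Request user info with the revoked access token must fail
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken);
    showClient(userInfoClient2);
    assertEquals(userInfoResponse2.getStatus(), 401, "Unexpected response code: " + userInfoResponse2.getStatus());
    assertNotNull(userInfoResponse2.getErrorType(), "Unexpected result: errorType not found");
    assertNotNull(userInfoResponse2.getErrorDescription(), "Unexpected result: errorDescription not found");
    // 8. Request new access token using the refresh token must fail: revoking the access token
    //    is expected to invalidate the refresh token of the same grant as well.
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 400, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse2.getErrorDescription(), "The error description is null");
}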

Example 67 with RSASigner

use of org.gluu.oxauth.model.jws.RSASigner in project oxAuth by GluuFederation.

the class TokenRevocationTest method requestTokenRevocationOptionalTokenTypeHint.

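/**
 * Revokes a refresh token and then an access token without sending any {@code token_type_hint},
 * and verifies the server still locates and invalidates each token by value: the revoked refresh
 * token must be rejected with 400 and the revoked access token must yield 401 at userinfo.
 *
 * @param userId              resource owner login used in the authorization request
 * @param userSecret          resource owner password used in the authorization request
 * @param redirectUris        redirect URIs registered for the test client
 * @param redirectUri         redirect URI sent in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI registered for the test client
 * @throws Exception if any client call fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestTokenRevocationOptionalTokenTypeHint(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestTokenRevocationOptionalTokenTypeHint");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    // 1. Register client
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    // A fresh nonce per run; it must come back unchanged inside the id_token (checked in step 4).
    String nonce = UUID.randomUUID().toString();
    AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    String idToken = authorizationResponse.getIdToken();
    // 3. Request access token using the authorization code.
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
    assertNotNull(tokenResponse1.getEntity(), "The entity is null");
    assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
    String refreshToken = tokenResponse1.getRefreshToken();
    // 4. Validate id_token: required claims present, nonce bound to this request, and the
    //    signature verified against the JWKS key selected by the header's kid.
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce, "The id_token nonce does not match the nonce sent in the authorization request");
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    // The verification algorithm is pinned to RS256 here rather than taken from the token header.
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    // 5. Request new access token using the refresh token.
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
    assertNotNull(tokenResponse2.getScope(), "The scope is null");
    String accessToken = tokenResponse2.getAccessToken();
    String refreshToken2 = tokenResponse2.getRefreshToken();
    // 6. Request user info
    UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken);
    showClient(userInfoClient1);
    assertEquals(userInfoResponse1.getStatus(), 200, "Unexpected response code: " + userInfoResponse1.getStatus());
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PICTURE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.USER_NAME));
    // Claims outside the requested scopes must not leak into the response.
    assertNull(userInfoResponse1.getClaim("org_name"));
    assertNull(userInfoResponse1.getClaim("work_phone"));
    // 7. Request refresh token revocation.
    // token_type_hint is deliberately not set: the server has to find the token by value alone.
    TokenRevocationRequest tokenRevocationRequest1 = new TokenRevocationRequest();
    tokenRevocationRequest1.setToken(refreshToken2);
    tokenRevocationRequest1.setAuthUsername(clientId);
    tokenRevocationRequest1.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient1 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient1.setRequest(tokenRevocationRequest1);
    TokenRevocationResponse tokenRevocationResponse1 = tokenRevocationClient1.exec();
    showClient(tokenRevocationClient1);
    assertEquals(tokenRevocationResponse1.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse1.getStatus());
    // 8. Request new access token using the revoked refresh token should fail.
    TokenClient tokenClient3 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse3 = tokenClient3.execRefreshToken(scope, refreshToken2, clientId, clientSecret);
    showClient(tokenClient3);
    // Report the status of the response under test (tokenResponse3), not the earlier tokenResponse2.
    assertEquals(tokenResponse3.getStatus(), 400, "Unexpected response code: " + tokenResponse3.getStatus());
    assertNotNull(tokenResponse3.getEntity(), "The entity is null");
    assertNotNull(tokenResponse3.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse3.getErrorDescription(), "The error description is null");
    // 9. Request access token revocation, again without a token_type_hint.
    TokenRevocationRequest tokenRevocationRequest2 = new TokenRevocationRequest();
    tokenRevocationRequest2.setToken(accessToken);
    tokenRevocationRequest2.setAuthUsername(clientId);
    tokenRevocationRequest2.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient2 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient2.setRequest(tokenRevocationRequest2);
    TokenRevocationResponse tokenRevocationResponse2 = tokenRevocationClient2.exec();
    showClient(tokenRevocationClient2);
    assertEquals(tokenRevocationResponse2.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse2.getStatus());
    // 10. Request user info with the revoked access token should fail
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken);
    showClient(userInfoClient2);
    assertEquals(userInfoResponse2.getStatus(), 401, "Unexpected response code: " + userInfoResponse2.getStatus());
    assertNotNull(userInfoResponse2.getErrorType(), "Unexpected result: errorType not found");
    assertNotNull(userInfoResponse2.getErrorDescription(), "Unexpected result: errorDescription not found");
}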

Example 68 with RSASigner

use of org.gluu.oxauth.model.jws.RSASigner in project oxAuth by GluuFederation.

the class TokenRevocationTest method requestTokenRevocation1.

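/**
 * Revokes a refresh token and then an access token, each with the matching explicit
 * {@code token_type_hint}, and verifies the server invalidates them: the revoked refresh token
 * must be rejected with 400 and the revoked access token must yield 401 at userinfo.
 *
 * @param userId              resource owner login used in the authorization request
 * @param userSecret          resource owner password used in the authorization request
 * @param redirectUris        redirect URIs registered for the test client
 * @param redirectUri         redirect URI sent in the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI registered for the test client
 * @throws Exception if any client call fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestTokenRevocation1(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestTokenRevocation1");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    // 1. Register client
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    // A fresh nonce per run; it must come back unchanged inside the id_token (checked in step 4).
    String nonce = UUID.randomUUID().toString();
    AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    String idToken = authorizationResponse.getIdToken();
    // 3. Request access token using the authorization code.
    TokenRequest tokenRequest1 = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest1.setCode(authorizationCode);
    tokenRequest1.setRedirectUri(redirectUri);
    tokenRequest1.setAuthUsername(clientId);
    tokenRequest1.setAuthPassword(clientSecret);
    tokenRequest1.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest1);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
    assertNotNull(tokenResponse1.getEntity(), "The entity is null");
    assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
    String refreshToken = tokenResponse1.getRefreshToken();
    // 4. Validate id_token: required claims present, nonce bound to this request, and the
    //    signature verified against the JWKS key selected by the header's kid.
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce, "The id_token nonce does not match the nonce sent in the authorization request");
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    // The verification algorithm is pinned to RS256 here rather than taken from the token header.
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    // 5. Request new access token using the refresh token.
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 200, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse2.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse2.getRefreshToken(), "The refresh token is null");
    assertNotNull(tokenResponse2.getScope(), "The scope is null");
    String accessToken2 = tokenResponse2.getAccessToken();
    String refreshToken2 = tokenResponse2.getRefreshToken();
    // 6. Request user info
    UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken2);
    showClient(userInfoClient1);
    assertEquals(userInfoResponse1.getStatus(), 200, "Unexpected response code: " + userInfoResponse1.getStatus());
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.BIRTHDATE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GENDER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.MIDDLE_NAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.NICKNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PICTURE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PREFERRED_USERNAME));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PROFILE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.WEBSITE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.PHONE_NUMBER_VERIFIED));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ADDRESS));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse1.getClaim(JwtClaimName.USER_NAME));
    // Claims outside the requested scopes must not leak into the response.
    assertNull(userInfoResponse1.getClaim("org_name"));
    assertNull(userInfoResponse1.getClaim("work_phone"));
    // 7. Request refresh token revocation (client authenticates with its own credentials)
    TokenRevocationRequest tokenRevocationRequest1 = new TokenRevocationRequest();
    tokenRevocationRequest1.setToken(refreshToken2);
    tokenRevocationRequest1.setTokenTypeHint(TokenTypeHint.REFRESH_TOKEN);
    tokenRevocationRequest1.setAuthUsername(clientId);
    tokenRevocationRequest1.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient1 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient1.setRequest(tokenRevocationRequest1);
    TokenRevocationResponse tokenRevocationResponse1 = tokenRevocationClient1.exec();
    showClient(tokenRevocationClient1);
    assertEquals(tokenRevocationResponse1.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse1.getStatus());
    // 8. Request new access token using the revoked refresh token should fail.
    TokenClient tokenClient3 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse3 = tokenClient3.execRefreshToken(scope, refreshToken2, clientId, clientSecret);
    showClient(tokenClient3);
    assertEquals(tokenResponse3.getStatus(), 400, "Unexpected response code: " + tokenResponse3.getStatus());
    assertNotNull(tokenResponse3.getEntity(), "The entity is null");
    assertNotNull(tokenResponse3.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse3.getErrorDescription(), "The error description is null");
    // 9. Request access token revocation
    TokenRevocationRequest tokenRevocationRequest2 = new TokenRevocationRequest();
    tokenRevocationRequest2.setToken(accessToken2);
    tokenRevocationRequest2.setTokenTypeHint(TokenTypeHint.ACCESS_TOKEN);
    tokenRevocationRequest2.setAuthUsername(clientId);
    tokenRevocationRequest2.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient2 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient2.setRequest(tokenRevocationRequest2);
    TokenRevocationResponse tokenRevocationResponse2 = tokenRevocationClient2.exec();
    showClient(tokenRevocationClient2);
    assertEquals(tokenRevocationResponse2.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse2.getStatus());
    // 10. Request user info with the revoked access token should fail
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken2);
    showClient(userInfoClient2);
    assertEquals(userInfoResponse2.getStatus(), 401, "Unexpected response code: " + userInfoResponse2.getStatus());
    assertNotNull(userInfoResponse2.getErrorType(), "Unexpected result: errorType not found");
    assertNotNull(userInfoResponse2.getErrorDescription(), "Unexpected result: errorDescription not found");
}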

Example 69 with RSASigner

use of org.gluu.oxauth.model.jws.RSASigner in project oxAuth by GluuFederation.

the class TokenRevocationTest method requestTokenRevocation3.

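/**
 * End-to-end check of RFC 7009 token revocation for a {@code code id_token} (hybrid) client.
 * <p>
 * Flow: register a client, obtain an authorization code plus id_token, exchange the code for an
 * access/refresh token pair, validate the id_token, revoke the refresh token and verify that both
 * the refresh grant (400) and the access token at the userinfo endpoint (401) are rejected, then
 * revoke the access token explicitly and re-check userinfo.
 * <p>
 * RFC 7009 requires the revocation endpoint to answer 200 even for unknown or already-revoked
 * tokens, so the 200 responses in steps 5 and 8 prove nothing by themselves; the follow-up
 * requests in steps 6, 7 and 9 are the real assertions.
 *
 * @param userId              resource-owner login passed to {@code requestAuthorization}
 * @param userSecret          resource-owner password
 * @param redirectUris        redirect URIs registered for the client
 * @param redirectUri         redirect URI used in the authorization and token requests
 * @param sectorIdentifierUri sector identifier registered with the client
 * @throws Exception on any client, parsing or signature-verification failure
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestTokenRevocation3(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestTokenRevocation3");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");
    // 1. Register client
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    // The nonce must be echoed back inside the id_token; it is checked in step 4 (replay protection).
    // Assumes requestAuthorization() actually sends the nonce parameter — TODO confirm in the helper.
    String nonce = UUID.randomUUID().toString();
    AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    String idToken = authorizationResponse.getIdToken();
    // 3. Request access token using the authorization code (client_secret_basic at the token endpoint).
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient1 = new TokenClient(tokenEndpoint);
    tokenClient1.setRequest(tokenRequest);
    TokenResponse tokenResponse1 = tokenClient1.exec();
    showClient(tokenClient1);
    assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
    assertNotNull(tokenResponse1.getEntity(), "The entity is null");
    assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
    assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
    assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
    assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
    String accessToken = tokenResponse1.getAccessToken();
    String refreshToken = tokenResponse1.getRefreshToken();
    // 4. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    // Pin the algorithm to the one the verifier below is constructed with. The header "alg" is
    // attacker-controlled until the signature has been verified, so it must never be allowed to
    // select the verification algorithm (alg-confusion); here it is only cross-checked.
    assertEquals(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM), "RS256", "Unexpected id_token signing algorithm");
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
    // NOTE(review): "aud" is only checked for presence. It should equal clientId, but the claim may
    // be serialised as an array by this server — confirm its shape before asserting equality.
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    // The nonce sent in step 2 must come back unchanged; a mismatch means the id_token was not
    // minted for this authorization request (replayed or injected).
    assertEquals(jwt.getClaims().getClaimAsString(JwtClaimName.NONCE), nonce, "Unexpected id_token nonce");
    // The verification key is looked up by "kid" in the issuer's JWKS; the kid only selects the key,
    // the algorithm stays pinned to RS256.
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner.validate(jwt), "id_token signature does not verify against the JWKS key selected by kid");
    // 5. Request refresh token revocation (client authenticates with its own credentials).
    TokenRevocationRequest tokenRevocationRequest1 = new TokenRevocationRequest();
    tokenRevocationRequest1.setToken(refreshToken);
    tokenRevocationRequest1.setTokenTypeHint(TokenTypeHint.REFRESH_TOKEN);
    tokenRevocationRequest1.setAuthUsername(clientId);
    tokenRevocationRequest1.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient1 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient1.setRequest(tokenRevocationRequest1);
    TokenRevocationResponse tokenRevocationResponse1 = tokenRevocationClient1.exec();
    showClient(tokenRevocationClient1);
    assertEquals(tokenRevocationResponse1.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse1.getStatus());
    // 6. Request new access token using revoked refresh token — must be rejected by the token endpoint.
    TokenClient tokenClient2 = new TokenClient(tokenEndpoint);
    TokenResponse tokenResponse2 = tokenClient2.execRefreshToken(scope, refreshToken, clientId, clientSecret);
    showClient(tokenClient2);
    assertEquals(tokenResponse2.getStatus(), 400, "Unexpected response code: " + tokenResponse2.getStatus());
    assertNotNull(tokenResponse2.getEntity(), "The entity is null");
    assertNotNull(tokenResponse2.getErrorType(), "The error type is null");
    assertNotNull(tokenResponse2.getErrorDescription(), "The error description is null");
    // 7. Request user info must fail.
    // Revoking the refresh token is expected to invalidate the access token issued in the same grant.
    // RFC 7009 §2.1 leaves this to the server ("MAY"); this assertion pins the grant-wide behaviour.
    UserInfoClient userInfoClient1 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse1 = userInfoClient1.execUserInfo(accessToken);
    showClient(userInfoClient1);
    assertEquals(userInfoResponse1.getStatus(), 401, "Unexpected response code: " + userInfoResponse1.getStatus());
    assertNotNull(userInfoResponse1.getErrorType(), "Unexpected result: errorType not found");
    assertNotNull(userInfoResponse1.getErrorDescription(), "Unexpected result: errorDescription not found");
    // 8. Request access token revocation. The token is already invalid after step 5; the endpoint
    // must still answer 200 (RFC 7009 §2.2) rather than leak whether the token was known.
    TokenRevocationRequest tokenRevocationRequest2 = new TokenRevocationRequest();
    tokenRevocationRequest2.setToken(accessToken);
    tokenRevocationRequest2.setTokenTypeHint(TokenTypeHint.ACCESS_TOKEN);
    tokenRevocationRequest2.setAuthUsername(clientId);
    tokenRevocationRequest2.setAuthPassword(clientSecret);
    TokenRevocationClient tokenRevocationClient2 = new TokenRevocationClient(tokenRevocationEndpoint);
    tokenRevocationClient2.setRequest(tokenRevocationRequest2);
    TokenRevocationResponse tokenRevocationResponse2 = tokenRevocationClient2.exec();
    showClient(tokenRevocationClient2);
    assertEquals(tokenRevocationResponse2.getStatus(), 200, "Unexpected response code: " + tokenRevocationResponse2.getStatus());
    // 9. Request user info with the revoked access token should fail
    UserInfoClient userInfoClient2 = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse2 = userInfoClient2.execUserInfo(accessToken);
    showClient(userInfoClient2);
    assertEquals(userInfoResponse2.getStatus(), 401, "Unexpected response code: " + userInfoResponse2.getStatus());
    assertNotNull(userInfoResponse2.getErrorType(), "Unexpected result: errorType not found");
    assertNotNull(userInfoResponse2.getErrorDescription(), "Unexpected result: errorDescription not found");
}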

Example 70 with RSASigner

use of org.gluu.oxauth.model.jws.RSASigner in project oxAuth by GluuFederation.

In class CrossEncryptionTest, method decryptAndValidateSignatureWithGluu:

/**
 * Decrypts a JWE with the Gluu decrypter and verifies the signature of the JWT nested inside it.
 * <p>
 * The recipient's RSA private key is taken from {@code recipientJwkJson}; the nested JWT's
 * signature is checked with RS256 against {@code getSenderPublicKey()}. Key-encryption and
 * content-encryption algorithms are set explicitly on the decrypter; presumably it compares
 * these with the JWE header rather than trusting the header's alg/enc — verify in
 * {@code JweDecrypterImpl} before relying on that.
 *
 * @param jweString compact-serialised JWE whose payload is a signed JWT
 * @throws ParseException      if the recipient JWK cannot be parsed
 * @throws JOSEException       if the JWK cannot be converted to an RSA private key
 * @throws InvalidJweException if decryption fails
 * @throws JSONException       if the claims cannot be rendered as JSON
 * @throws InvalidJwtException if the nested JWT is malformed
 */
private void decryptAndValidateSignatureWithGluu(String jweString) throws ParseException, JOSEException, InvalidJweException, JSONException, InvalidJwtException {
    final RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
    final RSAPrivateKey recipientPrivateKey = recipientKey.toRSAPrivateKey();

    final JweDecrypterImpl jweDecrypter = new JweDecrypterImpl(recipientPrivateKey);
    jweDecrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
    jweDecrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);

    final Jwe decrypted = jweDecrypter.decrypt(jweString);
    // The payload must be declared as a nested JWT ("cty"), not an opaque plaintext.
    assertEquals(JwtType.JWT, decrypted.getHeader().getContentType());

    final Jwt nestedJwt = decrypted.getSignedJWTPayload();
    final RSASigner verifier = new RSASigner(SignatureAlgorithm.RS256, getSenderPublicKey());
    Assert.assertTrue(verifier.validate(nestedJwt));
    // Test output only; prints the decrypted claims to stdout.
    System.out.println("Gluu decrypt and nested jwt signature verification succeed: " + nestedJwt.getClaims().toJsonString());
}
