
Example 56 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class HoKTest method getUserInfoByHoKAccessTokenWithoutClientCertificate.

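@Test
public void getUserInfoByHoKAccessTokenWithoutClientCertificate() throws Exception {
    // Obtain a holder-of-key access token: the code exchange is done over mutual TLS
    // with the default test client certificate, so the token is bound to that cert.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse = null;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        tokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Present the bound token at UserInfo from a JAX-RS client that has NO client
    // certificate configured (no keyStore on the builder). The server must reject a
    // certificate-bound token that is presented without its certificate with 401,
    // otherwise the binding would give no protection against token theft.
    Client client = ClientBuilder.newBuilder().build();
    Response response = null;
    try {
        WebTarget userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client);
        response = userInfoTarget.request()
                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken())
                .get();
        assertEquals(401, response.getStatus());
    } finally {
        // response is still null if building the target or the request itself failed;
        // closing it unconditionally would throw NPE, hide the real failure and skip
        // client.close().
        if (response != null) {
            response.close();
        }
        client.close();
    }
}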

Example 57 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class HoKTest method refreshTokenRequestByHoKRefreshTokenWithClientCertificate.

@Test
public void refreshTokenRequestByHoKRefreshTokenWithClientCertificate() throws Exception {
    // Log in and pick up the authorization code plus the session/code ids from the login event.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String authzCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Exchange the code over mutual TLS, presenting the default test client certificate.
    AccessTokenResponse initialTokens = null;
    try (CloseableHttpClient mtlsClient = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        initialTokens = oauth.doAccessTokenRequest(authzCode, "password", mtlsClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(initialTokens);

    AccessToken accessToken = oauth.verifyToken(initialTokens.getAccessToken());
    String rawRefreshToken = initialTokens.getRefreshToken();
    RefreshToken refreshToken = oauth.parseRefreshToken(rawRefreshToken);
    EventRepresentation codeToTokenEvent = events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Sanity checks on the issued pair: token type, lifetimes (with clock-skew tolerance
    // for the refresh token) and session binding.
    Assert.assertNotNull(rawRefreshToken);
    assertEquals("Bearer", initialTokens.getTokenType());
    int accessTokenLifetime = accessToken.getExpiration() - getCurrentTime();
    Assert.assertThat(accessTokenLifetime, allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350)));
    int refreshTokenLifetime = refreshToken.getExpiration() - getCurrentTime();
    int minRefreshLifetime = 1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW;
    int maxRefreshLifetime = 1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW;
    Assert.assertThat(refreshTokenLifetime, allOf(greaterThanOrEqualTo(minRefreshLifetime), lessThanOrEqualTo(maxRefreshLifetime)));
    assertEquals(sessionId, refreshToken.getSessionState());

    // Move the clock forward so the refreshed tokens are distinguishable from the originals.
    setTimeOffset(2);
    AccessTokenResponse refreshedTokens = null;
    try (CloseableHttpClient mtlsClient = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        refreshedTokens = oauth.doRefreshTokenRequest(rawRefreshToken, "password", mtlsClient);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    // Success Pattern: a refresh presented with the same client certificate is accepted,
    // and the new tokens are checked against the default certificate thumbprint again.
    expectSuccessfulResponseFromTokenEndpoint(refreshedTokens, sessionId, accessToken, refreshToken, codeToTokenEvent);
    verifyHoKTokenDefaultCertThumbPrint(refreshedTokens);
}

Example 58 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class HoKTest method getUserInfoByHoKAccessTokenWithClientCertificate.

// verify HoK Token - Get UserInfo
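@Test
public void getUserInfoByHoKAccessTokenWithClientCertificate() throws Exception {
    // Obtain a holder-of-key access token: the code exchange is done over mutual TLS
    // with the default test client certificate, so the token is bound to that cert.
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    AccessTokenResponse tokenResponse = null;
    try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
        tokenResponse = oauth.doAccessTokenRequest(code, "password", client);
    } catch (IOException ioe) {
        throw new RuntimeException(ioe);
    }
    verifyHoKTokenDefaultCertThumbPrint(tokenResponse);
    events.expectCodeToToken(codeId, sessionId).assertEvent();

    // Present the bound token at UserInfo from a JAX-RS client that is configured with
    // the same key store the token endpoint saw, i.e. it proves possession of the bound
    // certificate over mutual TLS. This presentation is the one that must succeed.
    KeyStore keystore = KeystoreUtil.loadKeyStore(MutualTLSUtils.DEFAULT_KEYSTOREPATH, MutualTLSUtils.DEFAULT_KEYSTOREPASSWORD);
    Client client = ClientBuilder.newBuilder()
            .keyStore(keystore, MutualTLSUtils.DEFAULT_KEYSTOREPASSWORD)
            .build();
    Response response = null;
    try {
        WebTarget userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client);
        response = userInfoTarget.request()
                .header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken())
                .get();
        testSuccessfulUserInfoResponse(response);
    } finally {
        // response is still null if building the target or the request itself failed;
        // closing it unconditionally would throw NPE, hide the real failure and skip
        // client.close().
        if (response != null) {
            response.close();
        }
        client.close();
    }
}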

Example 59 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class HoKTest method accessTokenRequestWithClientCertificateInHybridFlowWithCodeIDToken.

// Hybrid Code Flow : response_type = code id_token
// Bind HoK Token
@Test
public void accessTokenRequestWithClientCertificateInHybridFlowWithCodeIDToken() throws Exception {
    final String expectedNonce = "ckw938gnspa93dj";
    // The hybrid response type needs both standard and implicit flow enabled on test-app.
    ClientManager.realm(adminClient.realm("test")).clientId("test-app").standardFlow(true).implicitFlow(true);
    oauth.clientId("test-app");
    String hybridResponseType = OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN;
    oauth.responseType(hybridResponseType);
    oauth.nonce(expectedNonce);
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    OAuthClient.AuthorizationEndpointResponse authzResponse = new OAuthClient.AuthorizationEndpointResponse(oauth, true);
    String sessionState = authzResponse.getSessionState();
    Assert.assertNotNull(sessionState);
    // Every ID token retrieved by the helper must echo the nonce this request sent and
    // carry the same session state; the nonce check is what ties each token to this
    // particular authorization request rather than a replayed one.
    for (IDToken idToken : testAuthzResponseAndRetrieveIDTokens(authzResponse, loginEvent)) {
        Assert.assertEquals(expectedNonce, idToken.getNonce());
        Assert.assertEquals(sessionState, idToken.getSessionState());
    }
}

Example 60 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class ResetPasswordTest method resetPasswordCancelChangeUser.

@Test
public void resetPasswordCancelChangeUser() throws IOException, MessagingException {
    final String resetUser = "test-user@localhost";
    final String loginUser = "login@test.com";
    // Start a password reset for one account; the reset e-mail event carries no session.
    initiateResetPasswordFromResetPasswordPage(resetUser);
    events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
            .detail(Details.USERNAME, resetUser)
            .session((String) null)
            .detail(Details.EMAIL, resetUser)
            .assertEvent();
    // Abandon that flow and authenticate as a different account instead.
    loginPage.login(loginUser, "password");
    EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, loginUser).assertEvent();
    String code = oauth.getCurrentQuery().get("code");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
    assertEquals(200, tokenResponse.getStatusCode());
    // The token subject must be the account that actually authenticated (userId, which the
    // login event above is also checked against), not the account whose reset was started.
    String subject = oauth.verifyToken(tokenResponse.getAccessToken()).getSubject();
    assertEquals(userId, subject);
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    events.expectCodeToToken(codeId, loginEvent.getSessionId()).user(userId).assertEvent();
}
