Example 26 with UncaughtServerErrorExpected

use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

the class FlowOverrideTest method testRestInterfaceWithBadId.

@Test
@UncaughtServerErrorExpected   // the server is expected to log an uncaught error while rejecting the bad flow id
public void testRestInterfaceWithBadId() throws Exception {
    ClientsResource clients = adminClient.realm("test").clients();
    List<ClientRepresentation> query = clients.findByClientId(TEST_APP_FLOW);
    ClientRepresentation clientRep = query.get(0);
    // remember the flow currently bound to the browser binding
    String browserFlowId = clientRep.getAuthenticationFlowBindingOverrides().get(AuthenticationFlowBindings.BROWSER_BINDING);
    // point the override at a flow id that does not exist in the realm
    clientRep.getAuthenticationFlowBindingOverrides().put(AuthenticationFlowBindings.BROWSER_BINDING, "bad-id");
    try {
        clients.get(clientRep.getId()).update(clientRep);
        Assert.fail("update with an unresolvable flow id must be rejected");
    } catch (Exception e) {
        // expected: the admin REST API rejects the update
    }
    // re-read the client: the failed update must not have changed the stored binding
    query = clients.findByClientId(TEST_APP_FLOW);
    clientRep = query.get(0);
    Assert.assertEquals(browserFlowId, clientRep.getAuthenticationFlowBindingOverrides().get(AuthenticationFlowBindings.BROWSER_BINDING));
}
Also used : ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)
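The property the test above checks is that a rejected update leaves the stored binding untouched. The following is an added example in Python, not Keycloak's own code, showing the validate-then-assign pattern that gives that guarantee: every binding override is resolved against the realm's flows before any client state is changed. The class names, the realm data, the sub-flow rule and the error texts are assumptions for illustration.

```python
"""Added example, not Keycloak's own code: validate a client's authentication
flow binding overrides against the realm's flows before any state changes,
so an unknown flow id is rejected and the previous binding survives.
Names, realm data and error texts are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Binding names mirror the idea of Keycloak's AuthenticationFlowBindings constants.
BROWSER_BINDING = "browser"
DIRECT_GRANT_BINDING = "direct_grant"
VALID_BINDINGS = {BROWSER_BINDING, DIRECT_GRANT_BINDING}


@dataclass
class Flow:
    id: str
    alias: str
    top_level: bool  # assumption: only top-level flows may be bound to a client


@dataclass
class Client:
    client_id: str
    flow_overrides: Dict[str, str] = field(default_factory=dict)


class FlowBindingError(ValueError):
    """Raised for an unknown binding, an unresolvable flow id, or a sub-flow."""


def validate_overrides(overrides: Dict[str, str], realm_flows: Dict[str, Flow]) -> Dict[str, str]:
    """Return a validated copy of the overrides without mutating anything."""
    validated: Dict[str, str] = {}
    for binding, flow_id in overrides.items():
        if binding not in VALID_BINDINGS:
            raise FlowBindingError(f"unknown flow binding: {binding}")
        if not flow_id:
            continue  # empty override means "use the realm default flow"
        flow = realm_flows.get(flow_id)
        if flow is None:
            raise FlowBindingError(f"unable to resolve flow binding override for: {flow_id}")
        if not flow.top_level:
            raise FlowBindingError(f"flow '{flow.alias}' is a sub-flow and cannot be bound")
        validated[binding] = flow_id
    return validated


def update_client_overrides(client: Client, overrides: Dict[str, str], realm_flows: Dict[str, Flow]) -> None:
    """Validate first, then replace the overrides in one assignment:
    a failure leaves client.flow_overrides exactly as it was."""
    client.flow_overrides = validate_overrides(overrides, realm_flows)


# Constructed realm data for the demonstration.
REALM_FLOWS = {
    "flow-browser-custom": Flow("flow-browser-custom", "custom browser", True),
    "flow-forms-sub": Flow("flow-forms-sub", "forms", False),
}


def try_update(client: Client, overrides: Dict[str, str]) -> Optional[str]:
    """Attempt an update; return the error text on rejection, None on success."""
    try:
        update_client_overrides(client, overrides, REALM_FLOWS)
        return None
    except FlowBindingError as exc:
        return str(exc)


def demo_bad_flow_id() -> Dict[str, Optional[str]]:
    """Replay the scenario of the test above: bind a valid flow, then try "bad-id".
    Returns the error from the bad update and the binding before and after it."""
    client = Client("test-app-flow")
    first = try_update(client, {BROWSER_BINDING: "flow-browser-custom"})
    before = client.flow_overrides.get(BROWSER_BINDING)
    error = try_update(client, {BROWSER_BINDING: "bad-id"})
    after = client.flow_overrides.get(BROWSER_BINDING)
    return {"first_error": first, "bad_id_error": error, "before": before, "after": after}


if __name__ == "__main__":
    print(demo_bad_flow_id())
```

The single assignment at the end of update_client_overrides is the point: if validation raised half-way through a map with several bindings, nothing has been written yet, so a client can never end up with a mix of old and new overrides.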

Example 27 with UncaughtServerErrorExpected

use of org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected in project keycloak by keycloak.

the class IdTokenEncryptionTest method testIdTokenEncryptionWithoutEncryptionKEK.

@Test
@UncaughtServerErrorExpected   // the token endpoint fails server-side because no encryption key can be found
public void testIdTokenEncryptionWithoutEncryptionKEK() {
    ClientResource clientResource = null;
    ClientRepresentation clientRep = null;
    try {
        // generate and register only a signing/verifying key on the client, no encryption key
        TestOIDCEndpointsApplicationResource oidcClientEndpointsResource = testingClient.testApp().oidcClientEndpoints();
        oidcClientEndpointsResource.generateKeys(Algorithm.RS256);
        clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
        clientRep = clientResource.toRepresentation();
        // require a signed and encrypted id_token: RS256 signature, RSA1_5 key wrapping, A128CBC-HS256 content encryption
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenSignedResponseAlg(Algorithm.RS256);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseAlg(JWEConstants.RSA1_5);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseEnc(JWEConstants.A128CBC_HS256);
        // publish the client's keys through jwks_url, so the server must fetch the KEK from there
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(true);
        String jwksUrl = TestApplicationResourceUrls.clientJwksUri();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(jwksUrl);
        clientResource.update(clientRep);
        // log in, then exchange the code; the token request must fail because the JWKS holds no encryption key
        OAuthClient.AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
        AccessTokenResponse atr = oauth.doAccessTokenRequest(response.getCode(), "password");
        Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, atr.getError());
        Assert.assertEquals("can not get encryption KEK", atr.getErrorDescription());
    } finally {
        // revert the client to plain RS256-signed, unencrypted id_tokens
        clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
        clientRep = clientResource.toRepresentation();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenSignedResponseAlg(Algorithm.RS256);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseAlg(null);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setIdTokenEncryptedResponseEnc(null);
        // revert the jwks_url settings
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setUseJwksUrl(false);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep).setJwksUrl(null);
        clientResource.update(clientRep);
    }
}
Also used : TestOIDCEndpointsApplicationResource(org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource) OAuthClient(org.keycloak.testsuite.util.OAuthClient) ClientResource(org.keycloak.admin.client.resource.ClientResource) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)
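The failure the test above asserts comes from KEK selection: the server has to find an RSA key in the client's JWKS that is published for encryption, and a JWKS containing only the RS256 signing key offers none. The following is an added example in Python, not Keycloak's own code, that implements such a selection over a JWKS document and reproduces the "can not get encryption KEK" outcome. The selection policy (a signing key is never reused as a KEK; a key must declare use=enc or a matching key_ops entry) and the JWKS documents are assumptions; the "n" values are placeholders, not real moduli.

```python
"""Added example, not Keycloak's own code: choose the key-encryption key (KEK)
for id_token encryption from a client's JWKS. Only an RSA key published for
encryption qualifies; a JWKS holding nothing but the signing key yields the
"can not get encryption KEK" failure. Policy and JWKS data are assumptions."""
import json
from typing import Any, Dict, List, Optional

# RSA key-management algorithms (same names as in JWEConstants) that need an RSA KEK.
RSA_KEY_MANAGEMENT_ALGS = {"RSA1_5", "RSA-OAEP", "RSA-OAEP-256"}


class EncryptionKeyError(Exception):
    pass


def _usable_for_encryption(jwk: Dict[str, Any]) -> bool:
    """Policy (assumption): a key counts as a KEK only if it says so.
    A signing key is never repurposed for encryption, and a key declaring
    neither 'use' nor a matching 'key_ops' is rejected rather than guessed at."""
    use = jwk.get("use")
    ops = jwk.get("key_ops") or []
    if use == "enc":
        return True
    if use is None and ("wrapKey" in ops or "encrypt" in ops):
        return True
    return False


def select_encryption_kek(jwks_json: str, alg: str) -> Dict[str, Any]:
    """Return the JWK to wrap the content-encryption key with, or raise EncryptionKeyError."""
    if alg not in RSA_KEY_MANAGEMENT_ALGS:
        raise EncryptionKeyError(f"unsupported key management algorithm: {alg}")
    try:
        keys: List[Dict[str, Any]] = json.loads(jwks_json)["keys"]
    except (ValueError, KeyError, TypeError) as exc:
        raise EncryptionKeyError("malformed JWKS") from exc
    for jwk in keys:
        if jwk.get("kty") != "RSA" or "n" not in jwk or "e" not in jwk:
            continue  # not an RSA public key
        if jwk.get("alg") not in (None, alg):
            continue  # key is pinned to a different algorithm
        if _usable_for_encryption(jwk):
            return jwk
    raise EncryptionKeyError("can not get encryption KEK")


def kek_lookup_error(jwks_json: str, alg: str) -> Optional[str]:
    """Convenience wrapper: error text on failure, None when a KEK was found."""
    try:
        select_encryption_kek(jwks_json, alg)
        return None
    except EncryptionKeyError as exc:
        return str(exc)


# Constructed JWKS documents; "n" values are placeholders, not real moduli.
SIG_ONLY_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "sig-1", "use": "sig", "alg": "RS256", "n": "AQAB...", "e": "AQAB"},
]})
SIG_AND_ENC_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "sig-1", "use": "sig", "alg": "RS256", "n": "AQAB...", "e": "AQAB"},
    {"kty": "RSA", "kid": "enc-1", "use": "enc", "alg": "RSA1_5", "n": "AQAB...", "e": "AQAB"},
]})
KEY_OPS_ONLY_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "ops-1", "key_ops": ["wrapKey"], "n": "AQAB...", "e": "AQAB"},
]})


if __name__ == "__main__":
    print(kek_lookup_error(SIG_ONLY_JWKS, "RSA1_5"))
    print(select_encryption_kek(SIG_AND_ENC_JWKS, "RSA1_5")["kid"])
```

Refusing to fall back to the signing key is deliberate: the client generated that key pair for RS256 verification, and wrapping content keys with it would reuse one RSA key under two primitives. The correct fix for the test's scenario is to publish a second key with use=enc, which is exactly what the SIG_AND_ENC_JWKS document shows.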

Aggregations (number of the 27 examples each type appears in):

Test (org.junit.Test) 27
UncaughtServerErrorExpected (org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected) 27
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest) 17
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 16
AccessToken (org.keycloak.representations.AccessToken) 11
Response (javax.ws.rs.core.Response) 10
HashMap (java.util.HashMap) 7
List (java.util.List) 7
Client (javax.ws.rs.client.Client) 6
WebTarget (javax.ws.rs.client.WebTarget) 6
Form (javax.ws.rs.core.Form) 6
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType) 6
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) 6
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType) 6
AccessTokenResponse (org.keycloak.representations.AccessTokenResponse) 6
Element (org.w3c.dom.Element) 5
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation) 4
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse) 3
TokenVerifier (org.keycloak.TokenVerifier) 3
ClientResource (org.keycloak.admin.client.resource.ClientResource) 3