Example 61 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenEndpointAuthMethodRestrictionHttpTest method tokenEndpointAuthMethodClientSecretBasicFail3.
/**
* Fail 3: Call to Token Endpoint with Auth Method <code>private_key_jwt</code> should fail.
*/
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void tokenEndpointAuthMethodClientSecretBasicFail3(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("tokenEndpointAuthMethodClientSecretBasicFail3");
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertTrue(readClientResponse.getClaims().containsKey(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(readClientResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.CLIENT_SECRET_BASIC.toString());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get("scopes"));
// 3. Request authorization
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
assertNull(authorizationResponse.getIdToken(), "The id token is not null");
String authorizationCode = authorizationResponse.getCode();
// 4. Get Access Token
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
tokenRequest.setKeyId(keyId);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAudience(tokenEndpoint);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getErrorType(), "The error type is null");
assertNotNull(tokenResponse.getErrorDescription(), "The error description is null");
}
Also used :
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 62 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenRestWebServiceHttpTest method requestAccessTokenWithClientSecretJwtES256X509Cert.
@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestAccessTokenWithClientSecretJwtES256X509Cert(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestAccessTokenWithClientSecretJwtES256X509Cert");
// 1. Dynamic Client Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
tokenRequest.setAlgorithm(SignatureAlgorithm.ES256);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setKeyId(keyId);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
assertNotNull(tokenResponse.getEntity(), "The entity is null");
assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse.getTokenType(), "The token type is null");
assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
assertNotNull(tokenResponse.getScope(), "The scope is null");
assertNotNull(tokenResponse.getIdToken(), "The id token is null");
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 63 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenRestWebServiceHttpTest method requestAccessTokenWithClientSecretJwtHS512.
@Parameters({ "redirectUris", "userId", "userSecret", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestAccessTokenWithClientSecretJwtHS512(final String redirectUris, final String userId, final String userSecret, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestAccessTokenWithClientSecretJwtHS512");
// Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse response1 = tokenClient.exec();
showClient(tokenClient);
assertEquals(response1.getStatus(), 200, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getEntity(), "The entity is null");
assertNotNull(response1.getAccessToken(), "The access token is null");
assertNotNull(response1.getTokenType(), "The token type is null");
assertNotNull(response1.getRefreshToken(), "The refresh token is null");
assertNotNull(response1.getScope(), "The scope is null");
assertNotNull(response1.getIdToken(), "The id token is null");
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 64 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenSignaturesHttpTest method requestAuthorizationIdTokenHS256.
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationIdTokenHS256(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("requestAuthorizationIdTokenHS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);
// 1. Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setContacts(Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS256);
registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request Authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS256, clientSecret);
assertTrue(hmacSigner.validate(jwt));
}
Also used :
HMACSigner(org.xdi.oxauth.model.jws.HMACSigner)
Jwt(org.xdi.oxauth.model.jwt.Jwt)
ResponseType(org.xdi.oxauth.model.common.ResponseType)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 65 with Parameters
use of org.testng.annotations.Parameters in project oxAuth by GluuFederation.
the class TokenSignaturesHttpTest method testES512.
@Parameters({ "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testES512(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
try {
showTitle("Test ES512");
JwkClient jwkClient = new JwkClient(clientJwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES512);
System.out.println("Encoded Signature: " + encodedSignature);
boolean signatureVerified = cryptoProvider.verifySignature(signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES512);
assertTrue(signatureVerified, "Invalid signature");
} catch (Exception e) {
fail(e.getMessage(), e);
}
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Aggregations
Parameters (org.testng.annotations.Parameters)1840
Test (org.testng.annotations.Test)1766
BaseTest (org.gluu.oxauth.BaseTest)1103
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)781
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)771
RegisterClient (org.gluu.oxauth.client.RegisterClient)717
ResponseType (org.gluu.oxauth.model.common.ResponseType)648
Response (javax.ws.rs.core.Response)537
Builder (javax.ws.rs.client.Invocation.Builder)532
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)532
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)530
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)525
BaseTest (org.xdi.oxauth.BaseTest)511
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)418
TokenRequest (org.gluu.oxauth.client.TokenRequest)265
ResponseType (org.xdi.oxauth.model.common.ResponseType)259
TokenResponse (org.gluu.oxauth.client.TokenResponse)247
TokenClient (org.gluu.oxauth.client.TokenClient)242
JSONException (org.codehaus.jettison.json.JSONException)238
URISyntaxException (java.net.URISyntaxException)235
