Search in sources :

Example 1 with RequestObjectValidator

use of org.wso2.carbon.identity.openidconnect.RequestObjectValidator in project identity-inbound-auth-oauth by wso2-extensions.

the class OAuth2CibaEndpoint method validateAuthenticationRequest.

/**
 * Validate whether Request JWT is in proper formatting.
 *
 * @param authRequest CIBA Authentication Request as a String.
 * @throws CibaAuthFailureException CIBA Authentication Failed Exception.
 */
private void validateAuthenticationRequest(String authRequest, String clientId) throws CibaAuthFailureException {
    // Validation for the proper formatting of signedJWT.
    cibaAuthRequestValidator.validateRequest(authRequest);
    // Validation for the client.
    cibaAuthRequestValidator.validateClient(authRequest, clientId);
    // Validation for the userHint.
    cibaAuthRequestValidator.validateUserHint(authRequest);
    // Validate Authentication request.
    cibaAuthRequestValidator.validateAuthRequestParams(authRequest);
    try {
        RequestObject requestObject;
        RequestObjectBuilder requestObjectBuilder;
        requestObjectBuilder = OAuthServerConfiguration.getInstance().getRequestObjectBuilders().get(REQUEST_PARAM_VALUE_BUILDER);
        OAuth2Parameters parameters = new OAuth2Parameters();
        parameters.setClientId(clientId);
        parameters.setTenantDomain(getSpTenantDomain(clientId));
        if (requestObjectBuilder == null) {
            String error = "Unable to build the OIDC Request Object";
            throw new CibaAuthFailureException(OAuth2ErrorCodes.SERVER_ERROR, error);
        }
        requestObject = requestObjectBuilder.buildRequestObject(authRequest, parameters);
        RequestObjectValidator requestObjectValidator = OAuthServerConfiguration.getInstance().getCIBARequestObjectValidator();
        OIDCRequestObjectUtil.validateRequestObjectSignature(parameters, requestObject, requestObjectValidator);
        if (!requestObjectValidator.validateRequestObject(requestObject, parameters)) {
            throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, "Invalid parameters " + "found in the Request Object.");
        }
    } catch (InvalidRequestException | RequestObjectException e) {
        if (log.isDebugEnabled()) {
            log.debug(OAuth2ErrorCodes.INVALID_REQUEST, e);
        }
        throw new CibaAuthFailureException(OAuth2ErrorCodes.INVALID_REQUEST, e.getMessage());
    }
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException) CibaAuthFailureException(org.wso2.carbon.identity.oauth.endpoint.exception.CibaAuthFailureException) RequestObjectBuilder(org.wso2.carbon.identity.openidconnect.RequestObjectBuilder) InvalidRequestException(org.wso2.carbon.identity.oauth.endpoint.exception.InvalidRequestException) RequestObjectValidator(org.wso2.carbon.identity.openidconnect.RequestObjectValidator) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject)

Example 2 with RequestObjectValidator

use of org.wso2.carbon.identity.openidconnect.RequestObjectValidator in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCRequestObjectUtilTest method testBuildRequestObjectURITest.

@Test(expectedExceptions = { RequestObjectException.class })
public void testBuildRequestObjectURITest() throws Exception {
    OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
    oAuth2Parameters.setTenantDomain("carbon.super");
    oAuth2Parameters.setClientId(TEST_CLIENT_ID_1);
    OAuthAuthzRequest oAuthAuthzRequest = mock(OAuthAuthzRequest.class);
    when(oAuthAuthzRequest.getParam(Constants.REQUEST_URI)).thenReturn("some-uri");
    OAuthServerConfiguration oauthServerConfigurationMock = mock(OAuthServerConfiguration.class);
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(oauthServerConfigurationMock);
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getTenantId("carbon.super")).thenReturn(-1234);
    when((OAuth2Util.getPrivateKey(anyString(), anyInt()))).thenReturn(rsaPrivateKey);
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
    RequestObjectValidator requestObjectValidator = PowerMockito.spy(new RequestObjectValidatorImpl());
    when((oauthServerConfigurationMock.getRequestObjectValidator())).thenReturn(requestObjectValidator);
    PowerMockito.doReturn(SOME_SERVER_URL.toString()).when(requestObjectValidator, "getTokenEpURL", anyString());
    KeyStoreManager keyStoreManager = Mockito.mock(KeyStoreManager.class);
    ConcurrentHashMap<String, KeyStoreManager> mtKeyStoreManagers = new ConcurrentHashMap();
    mtKeyStoreManagers.put(String.valueOf(SUPER_TENANT_ID), keyStoreManager);
    WhiteboxImpl.setInternalState(KeyStoreManager.class, "mtKeyStoreManagers", mtKeyStoreManagers);
    Mockito.when(keyStoreManager.getPrimaryKeyStore()).thenReturn(wso2KeyStore);
    Mockito.when(keyStoreManager.getKeyStore("wso2carbon.jks")).thenReturn(wso2KeyStore);
    RequestParamRequestObjectBuilder requestParamRequestObjectBuilder = new RequestParamRequestObjectBuilder();
    Map<String, RequestObjectBuilder> requestObjectBuilderMap = new HashMap<>();
    requestObjectBuilderMap.put(REQUEST_PARAM_VALUE_BUILDER, requestParamRequestObjectBuilder);
    requestObjectBuilderMap.put(REQUEST_URI_PARAM_VALUE_BUILDER, null);
    when((oauthServerConfigurationMock.getRequestObjectBuilders())).thenReturn(requestObjectBuilderMap);
    RequestObject requestObject = OIDCRequestObjectUtil.buildRequestObject(oAuthAuthzRequest, oAuth2Parameters);
}
Also used : HashMap(java.util.HashMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) OAuthServerConfiguration(org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration) Matchers.anyString(org.mockito.Matchers.anyString) OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 3 with RequestObjectValidator

use of org.wso2.carbon.identity.openidconnect.RequestObjectValidator in project identity-inbound-auth-oauth by wso2-extensions.

the class RequestObjectValidatorImplTest method testValidateRequestObj.

@Test(dataProvider = "provideJWT")
public void testValidateRequestObj(String jwt, boolean isSigned, boolean isEncrypted, boolean validSignature, boolean validRequestObj, String errorMsg) throws Exception {
    OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
    oAuth2Parameters.setTenantDomain(SUPER_TENANT_DOMAIN_NAME);
    oAuth2Parameters.setClientId(TEST_CLIENT_ID_1);
    mockStatic(IdentityUtil.class);
    when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn("some-server-url");
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
    IdentityEventService eventServiceMock = mock(IdentityEventService.class);
    mockStatic(CentralLogMgtServiceComponentHolder.class);
    when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
    when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(eventServiceMock);
    PowerMockito.doNothing().when(eventServiceMock).handleEvent(any());
    OAuthServerConfiguration oauthServerConfigurationMock = mock(OAuthServerConfiguration.class);
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(oauthServerConfigurationMock);
    rsaPrivateKey = (RSAPrivateKey) wso2KeyStore.getKey("wso2carbon", "wso2carbon".toCharArray());
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getTenantId(SUPER_TENANT_DOMAIN_NAME)).thenReturn(SUPER_TENANT_ID);
    when((OAuth2Util.getPrivateKey(anyString(), anyInt()))).thenReturn(rsaPrivateKey);
    // Mock OAuth2Util returning public cert of the service provider
    when(OAuth2Util.getX509CertOfOAuthApp(TEST_CLIENT_ID_1, SUPER_TENANT_DOMAIN_NAME)).thenReturn(clientKeyStore.getCertificate(CLIENT_PUBLIC_CERT_ALIAS));
    RequestObjectValidatorImpl requestObjectValidator = PowerMockito.spy(new RequestObjectValidatorImpl());
    RequestParamRequestObjectBuilder requestParamRequestObjectBuilder = new RequestParamRequestObjectBuilder();
    when((oauthServerConfigurationMock.getRequestObjectValidator())).thenReturn(requestObjectValidator);
    mockIdentityProviderManager();
    PowerMockito.mockStatic(IdentityApplicationManagementUtil.class);
    FederatedAuthenticatorConfig config = new FederatedAuthenticatorConfig();
    when(IdentityApplicationManagementUtil.getFederatedAuthenticator(any(), any())).thenReturn(config);
    Property property = new Property();
    property.setValue(SOME_SERVER_URL);
    when(IdentityApplicationManagementUtil.getProperty(config.getProperties(), "IdPEntityId")).thenReturn(property);
    RequestObject requestObject = requestParamRequestObjectBuilder.buildRequestObject(jwt, oAuth2Parameters);
    Assert.assertEquals(requestParamRequestObjectBuilder.isEncrypted(jwt), isEncrypted, "Payload is encrypted:" + isEncrypted);
    Assert.assertEquals(requestObjectValidator.isSigned(requestObject), isSigned, "Request object isSigned: " + isSigned);
    if (isSigned) {
        Assert.assertEquals(requestObjectValidator.validateSignature(requestObject, oAuth2Parameters), validSignature, errorMsg + "Request Object Signature Validation failed.");
    }
    boolean validObject;
    try {
        validObject = requestObjectValidator.validateRequestObject(requestObject, oAuth2Parameters);
    } catch (Exception e) {
        validObject = false;
    }
    Assert.assertEquals(validObject, validRequestObj, errorMsg);
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) FederatedAuthenticatorConfig(org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig) OAuthServerConfiguration(org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration) Property(org.wso2.carbon.identity.application.common.model.Property) IdentityEventService(org.wso2.carbon.identity.event.services.IdentityEventService) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 4 with RequestObjectValidator

use of org.wso2.carbon.identity.openidconnect.RequestObjectValidator in project identity-inbound-auth-oauth by wso2-extensions.

the class OIDCRequestObjectUtilTest method testBuildRequestObjectTest.

@Test(dataProvider = "TestBuildRequestObjectTest")
public void testBuildRequestObjectTest(String requestObjectString, Map<String, Object> claims, boolean isSigned, boolean isEncrypted, boolean exceptionNotExpected, String errorMsg) throws Exception {
    OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
    oAuth2Parameters.setTenantDomain("carbon.super");
    oAuth2Parameters.setClientId(TEST_CLIENT_ID_1);
    OAuthAuthzRequest oAuthAuthzRequest = mock(OAuthAuthzRequest.class);
    IdentityEventService eventServiceMock = mock(IdentityEventService.class);
    when(oAuthAuthzRequest.getParam(Constants.REQUEST)).thenReturn(requestObjectString);
    mockStatic(CentralLogMgtServiceComponentHolder.class);
    when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
    when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(eventServiceMock);
    PowerMockito.doNothing().when(eventServiceMock).handleEvent(any());
    OAuthServerConfiguration oauthServerConfigurationMock = mock(OAuthServerConfiguration.class);
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(oauthServerConfigurationMock);
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getTenantId("carbon.super")).thenReturn(-1234);
    when((OAuth2Util.getPrivateKey(anyString(), anyInt()))).thenReturn(rsaPrivateKey);
    when(OAuth2Util.getX509CertOfOAuthApp(TEST_CLIENT_ID_1, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)).thenReturn(clientKeyStore.getCertificate("wso2carbon"));
    OAuthAppDO oAuthAppDO = new OAuthAppDO();
    when(OAuth2Util.getAppInformationByClientId(TEST_CLIENT_ID_1)).thenReturn(oAuthAppDO);
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
    RequestObjectValidator requestObjectValidator = PowerMockito.spy(new RequestObjectValidatorImpl());
    when((oauthServerConfigurationMock.getRequestObjectValidator())).thenReturn(requestObjectValidator);
    PowerMockito.doReturn(SOME_SERVER_URL).when(requestObjectValidator, "getTokenEpURL", anyString());
    RequestParamRequestObjectBuilder requestParamRequestObjectBuilder = new RequestParamRequestObjectBuilder();
    Map<String, RequestObjectBuilder> requestObjectBuilderMap = new HashMap<>();
    requestObjectBuilderMap.put(REQUEST_PARAM_VALUE_BUILDER, requestParamRequestObjectBuilder);
    requestObjectBuilderMap.put(REQUEST_URI_PARAM_VALUE_BUILDER, null);
    when((oauthServerConfigurationMock.getRequestObjectBuilders())).thenReturn(requestObjectBuilderMap);
    try {
        OIDCRequestObjectUtil.buildRequestObject(oAuthAuthzRequest, oAuth2Parameters);
    } catch (RequestObjectException e) {
        Assert.assertFalse(exceptionNotExpected, errorMsg + " Request Object Building failed due to " + e.getErrorMessage());
    }
}
Also used : RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException) HashMap(java.util.HashMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) OAuthServerConfiguration(org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration) Matchers.anyString(org.mockito.Matchers.anyString) IdentityEventService(org.wso2.carbon.identity.event.services.IdentityEventService) OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) OAuthAppDO(org.wso2.carbon.identity.oauth.dao.OAuthAppDO) OAuthAuthzRequest(org.apache.oltu.oauth2.as.request.OAuthAuthzRequest) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 5 with RequestObjectValidator

use of org.wso2.carbon.identity.openidconnect.RequestObjectValidator in project identity-inbound-auth-oauth by wso2-extensions.

the class RequestParamRequestObjectBuilderTest method buildRequestObjectTest.

@Test(dataProvider = "TestBuildRequestObjectTest")
public void buildRequestObjectTest(String requestObjectString, Map<String, Object> claims, boolean isSigned, boolean isEncrypted, boolean exceptionNotExpected, String errorMsg) throws Exception {
    mockStatic(IdentityUtil.class);
    mockStatic(IdentityTenantUtil.class);
    when(IdentityTenantUtil.getTenantId(anyString())).thenReturn(-1234);
    IdentityEventService eventServiceMock = mock(IdentityEventService.class);
    mockStatic(CentralLogMgtServiceComponentHolder.class);
    when(CentralLogMgtServiceComponentHolder.getInstance()).thenReturn(centralLogMgtServiceComponentHolderMock);
    when(centralLogMgtServiceComponentHolderMock.getIdentityEventService()).thenReturn(eventServiceMock);
    PowerMockito.doNothing().when(eventServiceMock).handleEvent(any());
    when(IdentityUtil.getServerURL(anyString(), anyBoolean(), anyBoolean())).thenReturn("some-server-url");
    OAuth2Parameters oAuth2Parameters = new OAuth2Parameters();
    oAuth2Parameters.setTenantDomain("carbon.super");
    oAuth2Parameters.setClientId(TEST_CLIENT_ID_1);
    OAuthServerConfiguration oauthServerConfigurationMock = mock(OAuthServerConfiguration.class);
    mockStatic(OAuthServerConfiguration.class);
    when(OAuthServerConfiguration.getInstance()).thenReturn(oauthServerConfigurationMock);
    mockStatic(RequestObjectValidatorImpl.class);
    PowerMockito.spy(RequestObjectValidatorImpl.class);
    rsaPrivateKey = (RSAPrivateKey) wso2KeyStore.getKey("wso2carbon", "wso2carbon".toCharArray());
    mockStatic(OAuth2Util.class);
    when(OAuth2Util.getTenantId("carbon.super")).thenReturn(-1234);
    when((OAuth2Util.getPrivateKey(anyString(), anyInt()))).thenReturn(rsaPrivateKey);
    when(OAuth2Util.getX509CertOfOAuthApp(TEST_CLIENT_ID_1, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)).thenReturn(clientKeyStore.getCertificate("wso2carbon"));
    RequestObjectValidator requestObjectValidator = new RequestObjectValidatorImpl();
    when((oauthServerConfigurationMock.getRequestObjectValidator())).thenReturn(requestObjectValidator);
    RequestObject requestObject;
    RequestParamRequestObjectBuilder requestParamRequestObjectBuilder = new RequestParamRequestObjectBuilder();
    try {
        requestObject = requestParamRequestObjectBuilder.buildRequestObject(requestObjectString, oAuth2Parameters);
        Assert.assertEquals(requestObject.isSigned(), isSigned, errorMsg);
        if (claims != null && !claims.isEmpty()) {
            for (Map.Entry entry : claims.entrySet()) {
                Assert.assertEquals(requestObject.getClaim(entry.getKey().toString()), entry.getValue(), "Request object claim:" + entry.getKey() + " is not properly set.");
            }
        }
    } catch (RequestObjectException e) {
        Assert.assertFalse(exceptionNotExpected, errorMsg + "Building failed due to " + e.getMessage());
    }
}
Also used : OAuth2Parameters(org.wso2.carbon.identity.oauth2.model.OAuth2Parameters) RequestObjectException(org.wso2.carbon.identity.oauth2.RequestObjectException) OAuthServerConfiguration(org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration) Map(java.util.Map) IdentityEventService(org.wso2.carbon.identity.event.services.IdentityEventService) RequestObject(org.wso2.carbon.identity.openidconnect.model.RequestObject) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

RequestObject (org.wso2.carbon.identity.openidconnect.model.RequestObject)6 HashMap (java.util.HashMap)5 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)5 BeforeTest (org.testng.annotations.BeforeTest)5 Test (org.testng.annotations.Test)5 OAuthServerConfiguration (org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration)5 RequestObjectException (org.wso2.carbon.identity.oauth2.RequestObjectException)5 OAuth2Parameters (org.wso2.carbon.identity.oauth2.model.OAuth2Parameters)5 Matchers.anyString (org.mockito.Matchers.anyString)3 IdentityEventService (org.wso2.carbon.identity.event.services.IdentityEventService)3 Map (java.util.Map)2 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2 OAuthAuthzRequest (org.apache.oltu.oauth2.as.request.OAuthAuthzRequest)2 OAuthAppDO (org.wso2.carbon.identity.oauth.dao.OAuthAppDO)2 RequestObjectBuilder (org.wso2.carbon.identity.openidconnect.RequestObjectBuilder)2 RequestObjectValidator (org.wso2.carbon.identity.openidconnect.RequestObjectValidator)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)1 Response (javax.ws.rs.core.Response)1 KeyStoreManager (org.wso2.carbon.core.util.KeyStoreManager)1