use of org.xdi.oxauth.client.model.JwtState in project oxAuth by GluuFederation.
the class EncodeClaimsInStateParameter method jwtStateES384Test.
@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "ES384_keyId" })
@Test
public void jwtStateES384Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
showTitle("jwtStateES384Test");
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(SignatureAlgorithm.ES384, cryptoProvider);
jwtState.setKeyId(keyId);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt();
assertNotNull(encodedState);
System.out.println("Signed JWS State: " + encodedState);
Jwt jwt = Jwt.parse(encodedState);
boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.ES384);
assertTrue(validJwt);
}
use of org.xdi.oxauth.client.model.JwtState in project oxAuth by GluuFederation.
the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
jwtState.setKeyId(keyId);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt(jwks);
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(encodedState);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String state = authorizationResponse.getState();
// 3. Decrypt state
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(state, privateKey, null);
assertNotNull(jwe.getClaims().getClaimAsString(KID));
assertNotNull(jwe.getClaims().getClaimAsString(RFP));
assertNotNull(jwe.getClaims().getClaimAsString(JTI));
assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
assertEquals(addClaims.getString("first_name"), "Javier");
assertEquals(addClaims.getString("last_name"), "Rojas");
assertEquals(addClaims.getInt("age"), 34);
assertNotNull(addClaims.getJSONArray("more"));
assertEquals(addClaims.getJSONArray("more").length(), 2);
}
use of org.xdi.oxauth.client.model.JwtState in project oxAuth by GluuFederation.
the class EncodeClaimsInStateParameter method jwtStateAlgRSA15EncA256CBCPLUSHS512Test.
@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void jwtStateAlgRSA15EncA256CBCPLUSHS512Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("jwtStateAlgRSA15EncA256CBCPLUSHS512Test");
JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
jwtState.setKeyId(keyId);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt(jwks);
assertNotNull(encodedState);
System.out.println("Encrypted JWE State: " + encodedState);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
Jwe jwe = Jwe.parse(encodedState, privateKey, null);
assertNotNull(jwe.getClaims().getClaimAsString(KID));
assertNotNull(jwe.getClaims().getClaimAsString(RFP));
assertNotNull(jwe.getClaims().getClaimAsString(JTI));
assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
assertEquals(addClaims.getString("first_name"), "Javier");
assertEquals(addClaims.getString("last_name"), "Rojas");
assertEquals(addClaims.getInt("age"), 34);
assertNotNull(addClaims.getJSONArray("more"));
assertEquals(addClaims.getJSONArray("more").length(), 2);
}
use of org.xdi.oxauth.client.model.JwtState in project oxAuth by GluuFederation.
the class EncodeClaimsInStateParameter method jwtStateAlgA256KWEncA256GCMTest.
@Test
public void jwtStateAlgA256KWEncA256GCMTest() throws Exception {
showTitle("jwtStateAlgA256KWEncA256GCMTest");
String sharedKey = "shared_key";
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.A256KW, BlockEncryptionAlgorithm.A256GCM, sharedKey);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt();
assertNotNull(encodedState);
System.out.println("Encrypted JWE State: " + encodedState);
Jwe jwe = Jwe.parse(encodedState, null, sharedKey.getBytes());
assertNotNull(jwe.getClaims().getClaimAsString(RFP));
assertNotNull(jwe.getClaims().getClaimAsString(JTI));
assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
assertEquals(addClaims.getString("first_name"), "Javier");
assertEquals(addClaims.getString("last_name"), "Rojas");
assertEquals(addClaims.getInt("age"), 34);
assertNotNull(addClaims.getJSONArray("more"));
assertEquals(addClaims.getJSONArray("more").length(), 2);
}
use of org.xdi.oxauth.client.model.JwtState in project oxAuth by GluuFederation.
the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterRS512.
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS512_keyId" })
@Test
public void encodeClaimsInStateParameterRS512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
showTitle("encodeClaimsInStateParameterRS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String rfp = UUID.randomUUID().toString();
String jti = UUID.randomUUID().toString();
JwtState jwtState = new JwtState(SignatureAlgorithm.RS512, cryptoProvider);
jwtState.setKeyId(keyId);
jwtState.setRfp(rfp);
jwtState.setJti(jti);
jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
String encodedState = jwtState.getEncodedJwt();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(encodedState);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String state = authorizationResponse.getState();
// 3. Validate state
Jwt jwt = Jwt.parse(state);
boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS512);
assertTrue(validJwt);
}
Aggregations