Search in sources :

Example 16 with ResponseType

use of org.xdi.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethodES384X509Cert.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodES384X509Cert(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodES384X509Cert");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setJwksUri(jwksUri);
    registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.ES384);
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());
    String clientId = response.getClientId();
    // 2. Request authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setState(state);
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);
    request.getPrompts().add(Prompt.NONE);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.ES384, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(request);
    AuthorizationResponse response1 = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
    assertNotNull(response1.getLocation(), "The location is null");
    assertNotNull(response1.getAccessToken(), "The accessToken is null");
    assertNotNull(response1.getTokenType(), "The tokenType is null");
    assertNotNull(response1.getIdToken(), "The idToken is null");
    assertNotNull(response1.getState(), "The state is null");
    String accessToken = response1.getAccessToken();
    // 3. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
    assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(response3.getClaim(JwtClaimName.NAME));
    assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
    assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
    assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 17 with ResponseType

use of org.xdi.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethod1.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestParameterMethod1(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethod1");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String accessToken = authorizationResponse.getAccessToken();
    // 3. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 18 with ResponseType

use of org.xdi.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethodAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestParameterMethodAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) {
    try {
        showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        // 1. Dynamic Client Registration
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse response = registerClient.exec();
        showClient(registerClient);
        assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
        assertNotNull(response.getClientId());
        assertNotNull(response.getClientSecret());
        assertNotNull(response.getRegistrationAccessToken());
        assertNotNull(response.getClientSecretExpiresAt());
        String clientId = response.getClientId();
        // 2. Choose encryption key
        JwkClient jwkClient = new JwkClient(jwksUri);
        JwkResponse jwkResponse = jwkClient.exec();
        String keyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256);
        assertNotNull(keyId);
        // 3. Request authorization
        JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        request.setState(state);
        request.setAuthUsername(userId);
        request.setAuthPassword(userSecret);
        request.getPrompts().add(Prompt.NONE);
        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
        jwtAuthorizationRequest.setKeyId(keyId);
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
        jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
        String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
        request.setRequest(authJwt);
        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(request);
        AuthorizationResponse response1 = authorizeClient.exec();
        showClient(authorizeClient);
        assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
        assertNotNull(response1.getLocation(), "The location is null");
        assertNotNull(response1.getAccessToken(), "The accessToken is null");
        assertNotNull(response1.getTokenType(), "The tokenType is null");
        assertNotNull(response1.getIdToken(), "The idToken is null");
        assertNotNull(response1.getState(), "The state is null");
        String accessToken = response1.getAccessToken();
        // 4. Request user info
        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
        assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(response3.getClaim(JwtClaimName.NAME));
        assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
        assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
        assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
        assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
        assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
        assertNotNull(response3.getClaim(JwtClaimName.ADDRESS));
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JSONObject(org.codehaus.jettison.json.JSONObject) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 19 with ResponseType

use of org.xdi.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class OpenIDRequestObjectHttpTest method requestParameterMethodRS384X509Cert.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestParameterMethodRS384X509Cert(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodRS384X509Cert");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Dynamic Client Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setJwksUri(jwksUri);
    registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS384);
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());
    assertNotNull(response.getClientSecret());
    assertNotNull(response.getRegistrationAccessToken());
    assertNotNull(response.getClientSecretExpiresAt());
    String clientId = response.getClientId();
    // 2. Request authorization
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    request.setState(state);
    request.setAuthUsername(userId);
    request.setAuthPassword(userSecret);
    request.getPrompts().add(Prompt.NONE);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS384, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(keyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { "2" })));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    request.setRequest(authJwt);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(request);
    AuthorizationResponse response1 = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus());
    assertNotNull(response1.getLocation(), "The location is null");
    assertNotNull(response1.getAccessToken(), "The accessToken is null");
    assertNotNull(response1.getTokenType(), "The tokenType is null");
    assertNotNull(response1.getIdToken(), "The idToken is null");
    assertNotNull(response1.getState(), "The state is null");
    String accessToken = response1.getAccessToken();
    // 3. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus());
    assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(response3.getClaim(JwtClaimName.NAME));
    assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME));
    assertNotNull(response3.getClaim(JwtClaimName.EMAIL));
    assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO));
    assertNotNull(response3.getClaim(JwtClaimName.LOCALE));
}
Also used : JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JwtAuthorizationRequest(org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest) Claim(org.xdi.oxauth.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 20 with ResponseType

use of org.xdi.oxauth.model.common.ResponseType in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterAlgRSA15EncA256CBCPLUSHS512.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void encodeClaimsInStateParameterAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("encodeClaimsInStateParameterAlgRSA15EncA256CBCPLUSHS512");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt(jwks);
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String state = authorizationResponse.getState();
    // 3. Decrypt state
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(state, privateKey, null);
    assertNotNull(jwe.getClaims().getClaimAsString(KID));
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : PrivateKey(java.security.PrivateKey) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Aggregations

ResponseType (org.xdi.oxauth.model.common.ResponseType)266 Parameters (org.testng.annotations.Parameters)259 Test (org.testng.annotations.Test)258 BaseTest (org.xdi.oxauth.BaseTest)258 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)123 Builder (javax.ws.rs.client.Invocation.Builder)120 Response (javax.ws.rs.core.Response)120 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)120 JSONException (org.codehaus.jettison.json.JSONException)95 JwtAuthorizationRequest (org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)92 URISyntaxException (java.net.URISyntaxException)91 URI (java.net.URI)85 AuthorizationRequest (org.xdi.oxauth.client.AuthorizationRequest)85 Claim (org.xdi.oxauth.client.model.authorize.Claim)80 REGISTRATION_CLIENT_URI (org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI)73 RegisterResponse (org.xdi.oxauth.client.RegisterResponse)64 Jwt (org.xdi.oxauth.model.jwt.Jwt)64 JSONObject (org.codehaus.jettison.json.JSONObject)50 RegisterRequest (org.xdi.oxauth.client.RegisterRequest)35 RSAPublicKey (org.xdi.oxauth.model.crypto.signature.RSAPublicKey)33