Example 91 with OxAuthCryptoProvider
use of org.xdi.oxauth.model.crypto.OxAuthCryptoProvider in project oxAuth by GluuFederation.
the class TokenRestWebServiceHttpTest method requestAccessTokenWithClientSecretJwtHS512.
@Parameters({ "redirectUris", "userId", "userSecret", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestAccessTokenWithClientSecretJwtHS512(final String redirectUris, final String userId, final String userSecret, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestAccessTokenWithClientSecretJwtHS512");
// Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
tokenRequest.setUsername(userId);
tokenRequest.setPassword(userSecret);
tokenRequest.setScope("openid");
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
tokenRequest.setCryptoProvider(cryptoProvider);
tokenRequest.setAlgorithm(SignatureAlgorithm.HS512);
tokenRequest.setAudience(tokenEndpoint);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse response1 = tokenClient.exec();
showClient(tokenClient);
assertEquals(response1.getStatus(), 200, "Unexpected response code: " + response1.getStatus());
assertNotNull(response1.getEntity(), "The entity is null");
assertNotNull(response1.getAccessToken(), "The access token is null");
assertNotNull(response1.getTokenType(), "The token type is null");
assertNotNull(response1.getRefreshToken(), "The refresh token is null");
assertNotNull(response1.getScope(), "The scope is null");
assertNotNull(response1.getIdToken(), "The id token is null");
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 92 with OxAuthCryptoProvider
use of org.xdi.oxauth.model.crypto.OxAuthCryptoProvider in project oxAuth by GluuFederation.
the class TokenSignaturesHttpTest method hs256.
@Test
public void hs256() throws InvalidKeyException, NoSuchAlgorithmException {
try {
showTitle("hs256");
String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";
String secret = "071d68a5-9eb0-47fb-8608-f54a0d9c8ede";
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
String encodedSignature = cryptoProvider.sign(signingInput, null, secret, SignatureAlgorithm.HS256);
System.out.println("Encoded Signature: " + encodedSignature);
assertEquals(encodedSignature, "BQwm1HCz0cjHYbulWMumkhZgyb2dD93uScXmC6Fv8Ik");
} catch (Exception e) {
fail(e.getMessage(), e);
}
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 93 with OxAuthCryptoProvider
use of org.xdi.oxauth.model.crypto.OxAuthCryptoProvider in project oxAuth by GluuFederation.
the class TokenSignaturesHttpTest method testES512.
@Parameters({ "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testES512(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
try {
showTitle("Test ES512");
JwkClient jwkClient = new JwkClient(clientJwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES512);
System.out.println("Encoded Signature: " + encodedSignature);
boolean signatureVerified = cryptoProvider.verifySignature(signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES512);
assertTrue(signatureVerified, "Invalid signature");
} catch (Exception e) {
fail(e.getMessage(), e);
}
}
Also used :
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 94 with OxAuthCryptoProvider
use of org.xdi.oxauth.model.crypto.OxAuthCryptoProvider in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoAlgRSA15EncA128CBCPLUSHS256.
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret" })
@Test
public void requestUserInfoAlgRSA15EncA128CBCPLUSHS256(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) {
try {
showTitle("requestUserInfoAlgRSA15EncA128CBCPLUSHS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setResponseTypes(responseTypes);
registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info (encrypted)
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setPrivateKey(privateKey);
userInfoClient.setRequest(userInfoRequest);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
PrivateKey(java.security.PrivateKey)
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Example 95 with OxAuthCryptoProvider
use of org.xdi.oxauth.model.crypto.OxAuthCryptoProvider in project oxAuth by GluuFederation.
the class UserInfoRestWebServiceHttpTest method requestUserInfoAlgRSAOAEPEncA256GCM.
@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret" })
@Test
public void requestUserInfoAlgRSAOAEPEncA256GCM(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) {
try {
showTitle("requestUserInfoAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Registration
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setJwksUri(jwksUri);
registerRequest.setResponseTypes(responseTypes);
registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
registerRequest.setSubjectType(SubjectType.PAIRWISE);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId);
String accessToken = authorizationResponse.getAccessToken();
// 3. Request user info (encrypted)
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken);
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
userInfoClient.setPrivateKey(privateKey);
userInfoClient.setRequest(userInfoRequest);
UserInfoResponse userInfoResponse = userInfoClient.exec();
showClient(userInfoClient);
assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
} catch (Exception ex) {
fail(ex.getMessage(), ex);
}
}
Also used :
PrivateKey(java.security.PrivateKey)
ResponseType(org.xdi.oxauth.model.common.ResponseType)
OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(org.xdi.oxauth.BaseTest)
Aggregations
OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)206
Test (org.testng.annotations.Test)203
BaseTest (org.xdi.oxauth.BaseTest)203
Parameters (org.testng.annotations.Parameters)196
ResponseType (org.xdi.oxauth.model.common.ResponseType)123
JwtAuthorizationRequest (org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest)82
Claim (org.xdi.oxauth.client.model.authorize.Claim)79
Builder (javax.ws.rs.client.Invocation.Builder)60
Response (javax.ws.rs.core.Response)60
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)60
JSONException (org.codehaus.jettison.json.JSONException)58
JSONObject (org.codehaus.jettison.json.JSONObject)51
URISyntaxException (java.net.URISyntaxException)42
AuthorizationRequest (org.xdi.oxauth.client.AuthorizationRequest)41
URI (java.net.URI)39
REGISTRATION_CLIENT_URI (org.xdi.oxauth.model.register.RegisterResponseParam.REGISTRATION_CLIENT_URI)39
Jwt (org.xdi.oxauth.model.jwt.Jwt)36
JwtState (org.xdi.oxauth.client.model.JwtState)25
MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)21
TokenRequest (org.xdi.oxauth.client.TokenRequest)20
