org.gluu.oxauth.model.crypto.OxAuthCryptoProvider Java Examples
The following examples show how to use
org.gluu.oxauth.model.crypto.OxAuthCryptoProvider.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 6 votes |
@Parameters({"keyStoreFile", "keyStoreSecret", "dnName", "PS384_keyId"}) @Test public void jwtStatePS384Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("jwtStatePS384Test"); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.PS384, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); assertNotNull(encodedState); System.out.println("Signed JWS State: " + encodedState); Jwt jwt = Jwt.parse(encodedState); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.PS384); assertTrue(validJwt); }
Example #2
Source File: TokenSignaturesHttpTest.java From oxAuth with MIT License | 6 votes |
@Test public void hs512() { try { showTitle("hs512"); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; String secret = "071d68a5-9eb0-47fb-8608-f54a0d9c8ede"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); String encodedSignature = cryptoProvider.sign(signingInput, null, secret, SignatureAlgorithm.HS512); System.out.println("Encoded Signature: " + encodedSignature); assertEquals(encodedSignature, "IZsXiRrRfP9eNFj6snm_MGEnrtfvX8vOF43Z-FuFkRj29y0WUaPR50IXRDI5uGatJvVdr_i7eJCJ4N_EwwrIhQ"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #3
Source File: TokenSignaturesHttpTest.java From oxAuth with MIT License | 6 votes |
@Parameters({"clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testRS512(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) { try { showTitle("Test RS512"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.RS512); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS512); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #4
Source File: JwtCrossCheckTest.java From oxAuth with MIT License | 6 votes |
private static String createOxauthJwt(OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm algorithm) throws Exception { Jwt jwt = new Jwt(); jwt.getHeader().setKeyId(kid); jwt.getHeader().setType(JwtType.JWT); jwt.getHeader().setAlgorithm(algorithm); jwt.getClaims().setSubjectIdentifier("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5"); jwt.getClaims().setIssuer("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5"); jwt.getClaims().setExpirationTime(new Date(1575559276888000L)); jwt.getClaims().setIssuedAt(new Date(1575559276888000L)); jwt.getClaims().setAudience("https://gomer-vbox/oxauth/restv1/token"); String signature = cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), null, algorithm); jwt.setEncodedSignature(signature); return jwt.toString(); }
Example #5
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 6 votes |
@Parameters({"keyStoreFile", "keyStoreSecret", "dnName", "RS384_keyId"}) @Test public void jwtStateRS384Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("jwtStateRS384Test"); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.RS384, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); assertNotNull(encodedState); System.out.println("Signed JWS State: " + encodedState); Jwt jwt = Jwt.parse(encodedState); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS384); assertTrue(validJwt); }
Example #6
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 6 votes |
@Parameters({"keyStoreFile", "keyStoreSecret", "dnName", "ES256_keyId"}) @Test public void jwtStateES256Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("jwtStateES256Test"); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.ES256, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); assertNotNull(encodedState); System.out.println("Signed JWS State: " + encodedState); Jwt jwt = Jwt.parse(encodedState); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.ES256); assertTrue(validJwt); }
Example #7
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 6 votes |
@Test public void jwtStateHS384Test() throws Exception { showTitle("jwtStateHS384Test"); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); String sharedKey = "shared_key"; String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.HS384, sharedKey, cryptoProvider); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); assertNotNull(encodedState); System.out.println("Signed JWS State: " + encodedState); Jwt jwt = Jwt.parse(encodedState); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, sharedKey, SignatureAlgorithm.HS384); assertTrue(validJwt); }
Example #8
Source File: JwtCrossCheckTest.java From oxAuth with MIT License | 5 votes |
@Parameters({ "dnName", "keyStoreFile", "keyStoreSecret" }) @Test public void rs384CrossCheck(final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS384); }
Example #9
Source File: JwtCrossCheckTest.java From oxAuth with MIT License | 5 votes |
@Parameters({ "dnName", "keyStoreFile", "keyStoreSecret" }) @Test public void rs512CrossCheck(final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS512); }
Example #10
Source File: JwtCrossCheckTest.java From oxAuth with MIT License | 5 votes |
@Parameters({ "dnName", "keyStoreFile", "keyStoreSecret" }) @Test public void rs256CrossCheck(final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS256); }
Example #11
Source File: JwtCrossCheckTest.java From oxAuth with MIT License | 5 votes |
private static String getKeyIdByAlgorithm(SignatureAlgorithm algorithm, Use use, OxAuthCryptoProvider cryptoProvider) throws KeyStoreException { final List<String> aliases = cryptoProvider.getKeys(); for (String keyId : aliases) { if (keyId.endsWith(use.getParamName() + "_" + algorithm.getName().toLowerCase())) { return keyId; } } return null; }
Example #12
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret"}) @Test public void requestUserInfoAlgRSA15EncA128CBCPLUSHS256( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) { try { showTitle("requestUserInfoAlgRSA15EncA128CBCPLUSHS256"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setPrivateKey(privateKey); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #13
Source File: TokenRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "clientJwksUri", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestAccessTokenWithClientSecretJwtPS512( final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestAccessTokenWithClientSecretJwtPS512"); List<GrantType> grantTypes = Arrays.asList( GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS ); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setGrantTypes(grantTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.PS512); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); }
Example #14
Source File: CanProvideEncryptedIdTokenResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void canProvideEncryptedIdTokenResponseAlgRSAOAEPEncA256GCM( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) { try { showTitle("OC5:FeatureTest-Can Provide Encrypted ID Token Response RSA_OAEP A256GCM"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP); registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); // 3. Read Encrypted ID Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); Jwe jwe = Jwe.parse(idToken, privateKey, null); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #15
Source File: TokenRestWebServiceWithRSAlgEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "requestAccessTokenWithClientSecretJwtRS256X509CertStep1") public void requestAccessTokenWithClientSecretJwtRS256X509CertStep2(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId4); tokenRequest.setAuthPassword(clientSecret4); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("requestAccessTokenWithClientSecretJwtRS256X509CertStep2", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("scope"), "Unexpected result: scope not found"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example #16
Source File: TokenRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestAccessTokenWithClientSecretJwtRS256X509Cert( final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestAccessTokenWithClientSecretJwtRS256X509Cert"); List<GrantType> grantTypes = Arrays.asList( GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS ); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setGrantTypes(grantTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); }
Example #17
Source File: OPRegistrationJwks.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUri", "postLogoutRedirectUri", "clientJwksUri", "userId", "userSecret", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void opRegistrationJwks( final String redirectUri, final String postLogoutRedirectUri, final String clientJwksUri, final String userId, final String userSecret, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { showTitle("opRegistrationJwks"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE); List<String> contacts = Arrays.asList("[email protected]", "[email protected]"); // 1. Register client JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUri)); registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri)); registerRequest.setResponseTypes(responseTypes); registerRequest.setGrantTypes(grantTypes); registerRequest.setContacts(contacts); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setJwks(jwkResponse.getJwks().toString()); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getRegistrationClientUri()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); assertNotNull(registerResponse.getResponseTypes()); assertTrue(registerResponse.getResponseTypes().containsAll(responseTypes)); assertNotNull(registerResponse.getGrantTypes()); assertTrue(registerResponse.getGrantTypes().containsAll(grantTypes)); assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.JWKS.getName())); assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName())); assertEquals(AuthenticationMethod.PRIVATE_KEY_JWT.toString(), registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName())); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getState()); assertNotNull(authorizationResponse.getScope()); String authorizationCode = authorizationResponse.getCode(); // 3. Request access token using the authorization code. OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); assertNotNull(tokenResponse.getIdToken(), "The id token is null"); }
Example #18
Source File: CanProvideEncryptedUserInfoResponse.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA1_5_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void canProvideEncryptedUserInfoResponseAlgRSA15EncA128CBCPLUSHS256( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) { try { showTitle("OC5:FeatureTest-Can Provide Encrypted UserInfo Response RSA1_5 A128CBC_PLUS_HS256"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setPrivateKey(privateKey); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS).containsAll(Arrays.asList( JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_COUNTRY))); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #19
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Call to Token Endpoint with Auth Method <code>client_secret_Jwt</code>. */ @Parameters({"tokenPath", "redirectUri", "audience", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = {"tokenEndpointAuthMethodClientSecretJwtStep3"}) public void tokenEndpointAuthMethodClientSecretJwtStep4(final String tokenPath, final String redirectUri, final String audience, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(audience); tokenRequest.setCode(authorizationCode4); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId4); tokenRequest.setAuthPassword(clientSecret4); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretJwtStep4", response, entity); assertEquals(response.getStatus(), 200, "Unexpected response code."); assertTrue( response.getHeaderString("Cache-Control") != null && response.getHeaderString("Cache-Control").equals("no-store"), "Unexpected result: " + response.getHeaderString("Cache-Control")); assertTrue(response.getHeaderString("Pragma") != null && response.getHeaderString("Pragma").equals("no-cache"), "Unexpected result: " + response.getHeaderString("Pragma")); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("access_token"), "Unexpected result: access_token not found"); assertTrue(jsonObj.has("token_type"), "Unexpected result: token_type not found"); assertTrue(jsonObj.has("refresh_token"), "Unexpected result: refresh_token not found"); assertTrue(jsonObj.has("id_token"), "Unexpected result: id_token not found"); } catch (Exception e) { fail(e.getMessage(), e); } }
Example #20
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>private_key_jwt</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretPostStep2") public void tokenEndpointAuthMethodClientSecretPostFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId3); tokenRequest.setAuthPassword(clientSecret3); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretPostFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example #21
Source File: UserInfoRestWebServiceHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "clientJwksUri", "sectorIdentifierUri", "RSA_OAEP_keyId", "keyStoreFile", "keyStoreSecret"}) @Test public void requestUserInfoAlgRSAOAEPEncA256GCM( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String jwksUri, final String sectorIdentifierUri, final String keyId, final String keyStoreFile, final String keyStoreSecret) { try { showTitle("requestUserInfoAlgRSAOAEPEncA256GCM"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setResponseTypes(responseTypes); registerRequest.setUserInfoEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP); registerRequest.setUserInfoEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM); registerRequest.setSubjectType(SubjectType.PAIRWISE); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); AuthorizationResponse authorizationResponse = requestAuthorization(userId, userSecret, redirectUri, responseTypes, clientId); String accessToken = authorizationResponse.getAccessToken(); // 3. Request user info (encrypted) OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); UserInfoRequest userInfoRequest = new UserInfoRequest(accessToken); UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); userInfoClient.setPrivateKey(privateKey); userInfoClient.setRequest(userInfoRequest); UserInfoResponse userInfoResponse = userInfoClient.exec(); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #22
Source File: TokenEndpointAuthMethodRestrictionEmbeddedTest.java From oxAuth with MIT License | 4 votes |
/** * Fail 3: Call to Token Endpoint with Auth Method * <code>private_key_jwt</code> should fail. */ @Parameters({"tokenPath", "userId", "userSecret", "audience", "RS256_keyId", "keyStoreFile", "keyStoreSecret"}) @Test(dependsOnMethods = "tokenEndpointAuthMethodClientSecretBasicStep2") public void tokenEndpointAuthMethodClientSecretBasicFail3(final String tokenPath, final String userId, final String userSecret, final String audience, final String keyId, final String keyStoreFile, final String keyStoreSecret) throws Exception { Builder request = ResteasyClientBuilder.newClient().target(url.toString() + tokenPath).request(); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setKeyId(keyId); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setAudience(audience); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("email read_stream manage_pages"); tokenRequest.setAuthUsername(clientId2); tokenRequest.setAuthPassword(clientSecret2); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request .post(Entity.form(new MultivaluedHashMap<String, String>(tokenRequest.getParameters()))); String entity = response.readEntity(String.class); showResponse("tokenEndpointAuthMethodClientSecretBasicFail3", response, entity); assertEquals(response.getStatus(), 401, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
Example #23
Source File: UserInfoRestWebServiceEmbeddedTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"authorizePath", "userId", "userSecret", "redirectUri"}) @Test(dependsOnMethods = "requestUserInfoHS256Step1") public void requestUserInfoHS256Step2(final String authorizePath, final String userId, final String userSecret, final String redirectUri) throws Exception { final String state = UUID.randomUUID().toString(); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); List<String> scopes = Arrays.asList("openid", "profile", "email"); String nonce = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId1, scopes, redirectUri, nonce); authorizationRequest.setState(state); authorizationRequest.getPrompts().add(Prompt.NONE); authorizationRequest.setAuthUsername(userId); authorizationRequest.setAuthPassword(userSecret); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret1, cryptoProvider); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); System.out.println("Request JWT: " + authJwt); Builder request = ResteasyClientBuilder.newClient() .target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request(); request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials()); request.header("Accept", MediaType.TEXT_PLAIN); Response response = request.get(); String entity = response.readEntity(String.class); showResponse("requestUserInfoHS256Step2", response, entity); assertEquals(response.getStatus(), 302, "Unexpected response code."); assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation()); try { URI uri = new URI(response.getLocation().toString()); assertNotNull(uri.getFragment(), "Query string is null"); Map<String, String> params = QueryStringDecoder.decode(uri.getFragment()); assertNotNull(params.get(AuthorizeResponseParam.ACCESS_TOKEN), "The accessToken is null"); assertNotNull(params.get(AuthorizeResponseParam.SCOPE), "The scope is null"); assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null"); assertEquals(params.get(AuthorizeResponseParam.STATE), state); accessToken5 = params.get(AuthorizeResponseParam.ACCESS_TOKEN); } catch (URISyntaxException e) { e.printStackTrace(); fail("Response URI is not well formed"); } }
Example #24
Source File: TokenEncryptionHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) //@Test // Before run this test, set openidScopeBackwardCompatibility to true @Deprecated public void requestIdTokenAlgRSA15EncA256CBCPLUSHS512( final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) { try { showTitle("requestIdTokenAlgRSA15EncA256CBCPLUSHS512"); List<GrantType> grantTypes = Arrays.asList( GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS ); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setGrantTypes(grantTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); String clientSecret = response.getClientSecret(); // 2. Request authorization TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("openid"); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); assertNotNull(tokenResponse.getScope(), "The scope is null"); assertNotNull(tokenResponse.getIdToken(), "The id token is null"); String idToken = tokenResponse.getIdToken(); // 3. Read Encrypted ID Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); Jwe jwe = Jwe.parse(idToken, privateKey, null); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #25
Source File: TokenEncryptionHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_enc_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) //@Test // Before run this test, set openidScopeBackwardCompatibility to true @Deprecated public void requestIdTokenAlgRSA15EncA128CBCPLUSHS256( final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) { try { showTitle("requestIdTokenAlgRSA15EncA128CBCPLUSHS256"); List<GrantType> grantTypes = Arrays.asList( GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS ); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setJwksUri(jwksUri); registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5); registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setGrantTypes(grantTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); String clientSecret = response.getClientSecret(); // 2. Request authorization TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS); tokenRequest.setUsername(userId); tokenRequest.setPassword(userSecret); tokenRequest.setScope("openid"); tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); assertNotNull(tokenResponse.getScope(), "The scope is null"); assertNotNull(tokenResponse.getIdToken(), "The id token is null"); String idToken = tokenResponse.getIdToken(); // 3. Read Encrypted ID Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null); PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId); Jwe jwe = Jwe.parse(idToken, privateKey, null); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION)); } catch (Exception ex) { fail(ex.getMessage(), ex); } }
Example #26
Source File: RequestingUserInfoClaimsWithOpenIdRequestObject.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void requestingUserInfoClaimsWithOpenIdRequestObject( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Requesting UserInfo Claims with OpenID Request Object"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret, cryptoProvider); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); String accessToken = authorizationResponse.getAccessToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey); assertTrue(rsaSigner.validate(jwt)); // 4. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.PICTURE)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS)); }
Example #27
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"}) @Test public void requestParameterMethod4( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethod4"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(); List<String> scopes = Arrays.asList("openid"); String state = UUID.randomUUID().toString(); String nonce = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( authorizationRequest, SignatureAlgorithm.HS384, clientSecret, cryptoProvider); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); }
Example #28
Source File: SupportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTs.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void supportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTsES512( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { showTitle("OC5:FeatureTest-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs (ES512)"); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setJwksUri(clientJwksUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getCode()); assertNotNull(authorizationResponse.getState()); String authorizationCode = authorizationResponse.getCode(); // 3. Get Access Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.ES512); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); }
Example #29
Source File: SupportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTs.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void supportAuthenticationToTokenEndpointWithAsymmetricallySignedJWTsRS256( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { showTitle("OC5:FeatureTest-Support Authentication to Token Endpoint with Asymmetrically Signed JWTs (RS256)"); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setJwksUri(clientJwksUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getCode()); assertNotNull(authorizationResponse.getState()); String authorizationCode = authorizationResponse.getCode(); // 3. Get Access Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); }
Example #30
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId"}) @Test public void encodeClaimsInStateParameterRS256( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("encodeClaimsInStateParameterRS256"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.RS256, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(encodedState); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String state = authorizationResponse.getState(); // 3. Validate state Jwt jwt = Jwt.parse(state); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS256); assertTrue(validJwt); }