/**
 * Asserts that a dynamic client registration call succeeded.
 *
 * <p>Checks the HTTP status first, then that the response carries the issued
 * client credentials and their timestamps. Only presence is checked here;
 * the values themselves are not validated.
 *
 * @param registerResponse the registration response to verify
 */
public static void assertOk(RegisterResponse registerResponse) {
    final int status = registerResponse.getStatus();
    // The raw entity goes into the failure message so a rejected registration can be diagnosed.
    final String failureMessage = "Unexpected response code: " + registerResponse.getEntity();
    assertEquals(status, 200, failureMessage);

    // Issued credentials.
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());

    // Issuance and expiry timestamps.
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
}
} // closes the enclosing class (its header is not part of this listing)
/**
 * Asserts that a registration response is fully populated.
 *
 * <p>The string fields (client id, client secret, registration access token and
 * registration client URI) must be non-blank; the two timestamps must be non-null.
 *
 * @param p_response the parsed registration response to verify
 */
public static void assert_(RegisterResponse p_response) {
    assertNotNull(p_response);

    // Client credentials.
    assertNotBlank(p_response.getClientId());
    assertNotBlank(p_response.getClientSecret());

    // Handle for later management of the registration.
    assertNotBlank(p_response.getRegistrationAccessToken());
    assertNotBlank(p_response.getRegistrationClientUri());

    // Timestamps only need to be present.
    assertNotNull(p_response.getClientIdIssuedAt());
    assertNotNull(p_response.getClientSecretExpiresAt());
}
} // closes the enclosing class (its header is not part of this listing)
/**
 * Populates this object from its own entity by delegating to the
 * single-argument overload with the value returned by {@code getEntity()}.
 */
public void injectDataFromJson() {
    this.injectDataFromJson(this.getEntity());
}
/**
 * Ensures client credentials are available, registering a new client when the
 * current one is missing or expired.
 *
 * <p>Does nothing when {@code preRegisteredClient} is set. Otherwise validity is
 * checked once without the lock and again after acquiring {@code clientLock}, so
 * that only one caller performs the registration.
 */
private void initClient() {
    if (this.preRegisteredClient) {
        return;
    }

    // Fast path: the current client is still usable, no locking needed.
    // NOTE(review): this check reads state outside the lock; confirm the fields
    // isValidClient() relies on are safely published (e.g. volatile).
    if (isValidClient(System.currentTimeMillis())) {
        return;
    }

    clientLock.lock();
    try {
        // Re-check with a fresh timestamp: another thread may have registered
        // a client while this one was waiting for the lock.
        if (isValidClient(System.currentTimeMillis())) {
            return;
        }

        RegisterResponse registered = registerOpenIdClient();
        this.clientId = registered.getClientId();
        this.clientSecret = registered.getClientSecret();
        // NOTE(review): getClientSecretExpiresAt() is dereferenced without a null
        // check; confirm the server always returns an expiry for the secret.
        this.clientExpiration = registered.getClientSecretExpiresAt().getTime();
    } finally {
        clientLock.unlock();
    }
}
/**
 * Negative test: a registration request without redirect URIs must be rejected
 * with HTTP 400 and a populated error type and description.
 */
@Test
public void requestClientRegistrationFail2() throws Exception {
    showTitle("requestClientRegistrationFail2");

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    // The third argument (redirect URIs) is deliberately null.
    RegisterResponse response =
            registerClient.execRegister(ApplicationType.WEB, "oxAuth test app", null);

    showClient(registerClient);

    final int status = response.getStatus();
    final String failureMessage = "Unexpected response code: " + response.getEntity();
    assertEquals(status, 400, failureMessage);

    // The rejection must come with an error body, not just a status code.
    assertNotNull(response.getEntity(), "The entity is null");
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
RegisterResponse response = client.exec(); if (response.getStatus() == 200) { registrationClientUri = response.getRegistrationClientUri(); registrationAccessToken = response.getRegistrationAccessToken(); authorizationAction.setClientId(response.getClientId()); authorizationAction.setClientSecret(response.getClientSecret()); if (request.getRedirectUris() != null && request.getRedirectUris().size() > 0) { authorizationAction.setRedirectUri(request.getRedirectUris().get(0)); tokenAction.setClientId(response.getClientId()); tokenAction.setClientSecret(response.getClientSecret());
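/**
 * Updates an existing client registration and verifies the new values are returned.
 *
 * <p>Sends a PUT to the registration client URI, authorised by the registration
 * access token obtained by an earlier test, changing the contacts and the logo
 * URI. The response must be HTTP 200 and its claims must contain both new
 * contacts and exactly the new logo URI.
 */
@Test(dependsOnMethods = "requestClientAssociate2")
public void requestClientUpdate() throws Exception {
    showTitle("requestClientUpdate");

    final String logoUriNewValue = "http://www.gluu.org/test/yuriy/logo.png";
    final String contact1NewValue = "yuriy@gluu.org";
    final String contact2NewValue = "yuriyz@gmail.com";

    // The registration access token authorises changes to this registration.
    final RegisterRequest registerRequest = new RegisterRequest(registrationAccessToken1);
    registerRequest.setHttpMethod(HttpMethod.PUT);
    registerRequest.setContacts(Arrays.asList(contact1NewValue, contact2NewValue));
    registerRequest.setLogoUri(logoUriNewValue);

    final RegisterClient registerClient = new RegisterClient(registrationClientUri1);
    registerClient.setRequest(registerRequest);
    // NOTE(review): the meaning of the `true` flag is not visible here; if it
    // relaxes TLS verification, confirm it is only ever used in tests.
    registerClient.setExecutor(clientExecutor(true));
    final RegisterResponse response = registerClient.exec();

    showClient(registerClient);
    assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getClientId());

    // check whether info is really updated
    final String responseContacts = response.getClaims().get(CONTACTS.toString());
    final String responseLogoUri = response.getClaims().get(LOGO_URI.toString());

    // Fail with a clear message instead of a NullPointerException when a claim is absent.
    assertNotNull(responseContacts, "The contacts claim is missing from the response");
    assertNotNull(responseLogoUri, "The logo URI claim is missing from the response");

    assertTrue(responseContacts.contains(contact1NewValue) && responseContacts.contains(contact2NewValue));
    // The original wrapped equals() in assertNotNull, which can never fail on the
    // boxed boolean; compare the values so a stale logo URI is actually detected.
    assertEquals(responseLogoUri, logoUriNewValue, "The logo URI was not updated");
}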
/**
 * Registers a client by POSTing a JSON registration request to the registration
 * endpoint and stores the issued client id and secret for later tests.
 *
 * <p>The request asks for the code, token and id_token response types and the
 * resource owner password credentials grant.
 *
 * @param registerPath path of the registration endpoint, appended to the base URL
 * @param redirectUris space-separated redirect URIs to register
 */
@Parameters({"registerPath", "redirectUris"})
@Test
public void dynamicClientRegistration(final String registerPath, final String redirectUris) throws Exception {
    Builder requestBuilder = ResteasyClientBuilder.newClient()
            .target(url.toString() + registerPath)
            .request();

    RegisterRequest registerRequest = new RegisterRequest(
            ApplicationType.WEB,
            "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(
            Arrays.asList(ResponseType.CODE, ResponseType.TOKEN, ResponseType.ID_TOKEN));
    // NOTE(review): the request self-asserts oxAuthTrustedClient=true; presumably
    // the server only honours custom attributes when dynamic registration is
    // configured to allow them. Confirm that is limited to test deployments.
    registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
    registerRequest.setGrantTypes(
            Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS));

    String requestJson = registerRequest.getJSONParameters().toString(4);

    Response response = requestBuilder.post(Entity.json(requestJson));
    String entity = response.readEntity(String.class);

    showResponse("dynamicClientRegistration", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
    assertNotNull(entity, "Unexpected result: " + entity);

    try {
        final RegisterResponse parsed = RegisterResponse.valueOf(entity);
        ClientTestUtil.assert_(parsed);

        // Keep the issued credentials for the tests that follow.
        clientId = parsed.getClientId();
        clientSecret = parsed.getClientSecret();
    } catch (Exception e) {
        // Report parse failures as a test failure, with the raw body for diagnosis.
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    }
}
/**
 * Registers a client whose claims redirect URIs equal its redirect URIs and
 * stores the registration access token and registration client URI for later tests.
 *
 * @param registerPath path of the registration endpoint, appended to the base URL
 * @param redirectUris space-separated redirect URIs to register
 */
@Parameters({"registerPath", "redirectUris"})
@Test
public void requestClientAssociate1(final String registerPath, final String redirectUris) throws Exception {
    Builder requestBuilder = ResteasyClientBuilder.newClient()
            .target(url.toString() + registerPath)
            .request();

    String requestJson = null;
    try {
        RegisterRequest registerRequest = new RegisterRequest(
                ApplicationType.WEB,
                "oxAuth test app",
                StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setClaimsRedirectUris(StringUtils.spaceSeparatedToList(redirectUris));

        requestJson = registerRequest.getJSONParameters().toString(4);
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage());
    }

    Response response = requestBuilder.post(Entity.json(requestJson));
    String entity = response.readEntity(String.class);

    showResponse("requestClientAssociate1", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
    assertNotNull(entity, "Unexpected result: " + entity);

    try {
        final RegisterResponse parsed = RegisterResponse.valueOf(entity);
        ClientTestUtil.assert_(parsed);

        // Both values are needed to read or update this registration later;
        // the access token is a credential for that registration.
        registrationAccessToken1 = parsed.getRegistrationAccessToken();
        registrationClientUri1 = parsed.getRegistrationClientUri();
    } catch (Exception e) {
        // Report parse failures as a test failure, with the raw body for diagnosis.
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    }
}
/**
 * Negative test: registering a redirect URI that carries a fragment component
 * must be rejected with HTTP 400 and a populated error type and description.
 *
 * @param redirectUri base redirect URI; {@code "#foo1=bar"} is appended to it
 */
@Parameters({"redirectUri"})
@Test
public void rejectRegistrationOfRedirectUriWithFragment(final String redirectUri) throws Exception {
    showTitle("OC5:FeatureTest-Reject Registration of redirect uri with Fragment");

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(
            ApplicationType.WEB,
            "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUri + "#foo1=bar"));
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.CODE));

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);

    final int status = registerResponse.getStatus();
    assertEquals(status, 400, "Unexpected response code: " + registerResponse.getStatus());

    // The rejection must explain itself.
    assertNotNull(registerResponse.getErrorType(), "The error type is null");
    assertNotNull(registerResponse.getErrorDescription(), "The error description is null");
}
} // closes the enclosing class (its header is not part of this listing)
/**
 * Verifies that the id_token issued for the token and id_token response types
 * carries the expected token binding hash inside its {@code cnf} claim.
 *
 * @param userId              end-user login
 * @param userSecret          end-user password
 * @param redirectUris        not used by this test
 * @param redirectUri         redirect URI used for registration and authorization
 * @param sectorIdentifierUri sector identifier URI passed to registration
 */
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void tokenBindingWithImplicitFlow(final String userId, final String userSecret,
                                         final String redirectUris, final String redirectUri,
                                         final String sectorIdentifierUri) throws Exception {
    showTitle("tokenBindingWithImplicitFlow");

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    List<GrantType> grantTypes = Arrays.asList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);

    // 1. Register client
    RegisterResponse registerResponse =
            registerClient(redirectUri, responseTypes, grantTypes, sectorIdentifierUri);
    String registeredClientId = registerResponse.getClientId();

    // 2. Request authorization
    AuthorizationResponse authorizationResponse =
            requestAuthorization(userId, userSecret, redirectUri, responseTypes, registeredClientId);

    // NOTE(review): no signature check on the id_token is visible in this test;
    // only the claim content is inspected. Confirm validation is covered elsewhere.
    Jwt idToken = Jwt.parse(authorizationResponse.getIdToken());
    String actualBindingHash = idToken.getClaims()
            .getClaimAsJSON(JwtClaimName.CNF)
            .optString(JwtClaimName.TOKEN_BINDING_HASH);

    Assert.assertEquals(EXPECTED_ID_HASH, actualBindingHash);
}
/**
 * Registers this application as an OpenID client at the provider's registration endpoint.
 *
 * <p>The client is registered as a web application named
 * {@code "<application name> client"}, with the configured OpenID redirect URL,
 * RS256 request object signing and client_secret_basic token endpoint authentication.
 *
 * @return the registration response, which includes the issued client secret
 * @throws ConfigurationException if no response is received or its status is not 200
 */
private RegisterResponse registerOpenIdClient() {
    logger.info("Registering OpenId client");

    String clientName = this.appConfiguration.getApplicationName() + " client";

    RegisterRequest registerRequest = new RegisterRequest(
            ApplicationType.WEB,
            clientName,
            Arrays.asList(this.appConfiguration.getOpenIdRedirectUrl()));
    registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

    RegisterClient registerClient = new RegisterClient(openIdConfiguration.getRegistrationEndpoint());
    registerClient.setRequest(registerRequest);
    RegisterResponse response = registerClient.exec();

    // Anything other than a 200 with a body counts as a failed registration.
    boolean registered = (response != null) && (response.getStatus() == 200);
    if (!registered) {
        throw new ConfigurationException("Failed to register new client");
    }

    return response;
}
/**
 * Negative test: a registration request with no application type, client name
 * or redirect URIs must be rejected with HTTP 400 and a populated error type
 * and description.
 */
@Test
public void requestClientRegistrationFail1() throws Exception {
    showTitle("requestClientRegistrationFail1");

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    // Every registration parameter is deliberately null.
    RegisterResponse response = registerClient.execRegister(null, null, null);

    showClient(registerClient);

    final int status = response.getStatus();
    final String failureMessage = "Unexpected response code: " + response.getEntity();
    assertEquals(status, 400, failureMessage);

    // The rejection must come with an error body, not just a status code.
    assertNotNull(response.getEntity(), "The entity is null");
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertTrue(response.getClaims().containsKey(CLIENT_NAME.toString())); assertEquals(clientName, response.getClaims().get(CLIENT_NAME.toString())); JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getClaims().get(SCOPE.toString()))); List<String> scopes = new ArrayList<String>(); for (int i = 0; i < scopesJsonArray.length(); i++) {
/**
 * Registers a client by POSTing a JSON registration request to the registration
 * endpoint and stores the issued client id and secret for later tests.
 *
 * @param registerPath path of the registration endpoint, appended to the base URL
 * @param redirectUris space-separated redirect URIs to register
 */
@Parameters({"registerPath", "redirectUris"})
@Test
public void dynamicClientRegistration(final String registerPath, final String redirectUris) throws Exception {
    Builder requestBuilder = ResteasyClientBuilder.newClient()
            .target(url.toString() + registerPath)
            .request();

    String requestJson = null;
    try {
        RegisterRequest registerRequest = new RegisterRequest(
                ApplicationType.WEB,
                "oxAuth test app",
                StringUtils.spaceSeparatedToList(redirectUris));
        // NOTE(review): the request self-asserts oxAuthTrustedClient=true; presumably
        // the server only honours custom attributes when dynamic registration is
        // configured to allow them. Confirm that is limited to test deployments.
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");

        requestJson = registerRequest.getJSONParameters().toString(4);
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage());
    }

    Response response = requestBuilder.post(Entity.json(requestJson));
    String entity = response.readEntity(String.class);

    showResponse("dynamicClientRegistration", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code. " + entity);
    assertNotNull(entity, "Unexpected result: " + entity);

    try {
        final RegisterResponse parsed = RegisterResponse.valueOf(entity);
        ClientTestUtil.assert_(parsed);

        // Keep the issued credentials for the tests that follow.
        clientId = parsed.getClientId();
        clientSecret = parsed.getClientSecret();
    } catch (Exception e) {
        // Report parse failures as a test failure, with the raw body for diagnosis.
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + entity);
    }
}
/**
 * Negative test: a registration that combines the redirect URI
 * {@code https://not_registered} with the given sector identifier URI must be
 * rejected with HTTP 400 and a populated error type and description.
 *
 * @param sectorIdentifierUri sector identifier URI sent with the registration
 */
@Parameters({"sectorIdentifierUri"})
@Test
public void rejectsSectorIdentifierNotContainingRegisteredRedirectUriValues(final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect uri Values");

    RegisterRequest registerRequest = new RegisterRequest(
            ApplicationType.WEB,
            "oxAuth test app",
            StringUtils.spaceSeparatedToList("https://not_registered"));
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setResponseTypes(Arrays.asList(ResponseType.CODE));

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);

    final int status = registerResponse.getStatus();
    assertEquals(status, 400, "Unexpected response code: " + registerResponse.getStatus());

    // The rejection must explain itself.
    assertNotNull(registerResponse.getErrorType(), "The error type is null");
    assertNotNull(registerResponse.getErrorDescription(), "The error description is null");
}
} // closes the enclosing class (its header is not part of this listing)
/**
 * Verifies that the access token returned by the authorization request is a JWT
 * with the expected header and claims.
 *
 * <p>A client is registered for the code, id_token and token response types,
 * authorization is requested, and the access token is parsed as a JWT. Its
 * audience must equal the client id; the type and algorithm headers and the
 * scope, expiration, issued-at, subject and issuer claims must be present.
 *
 * @param userId              end-user login
 * @param userSecret          end-user password
 * @param redirectUris        not used by this test
 * @param redirectUri         redirect URI used for registration and authorization
 * @param sectorIdentifierUri not used by this test
 */
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void accessTokenAsJwt(
        final String userId, final String userSecret, final String redirectUris,
        final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("accessTokenAsJwt");

    List<ResponseType> responseTypes =
            Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN, ResponseType.TOKEN);
    List<String> scopes =
            Arrays.asList("openid", "profile", "address", "email", "phone", "user_name");

    RegisterResponse registerResponse = registerClient(redirectUri, responseTypes, scopes);
    String registeredClientId = registerResponse.getClientId();

    // Request authorization and receive the authorization code.
    String nonce = UUID.randomUUID().toString();
    AuthorizationResponse authorizationResponse = requestAuthorization(
            userId, userSecret, redirectUri, responseTypes, scopes, registeredClientId, nonce);

    // Validate access token as jwt
    // NOTE(review): only the presence and content of claims are checked here; no
    // signature verification is visible in this test. Confirm it is covered elsewhere.
    Jwt accessTokenJwt = Jwt.parse(authorizationResponse.getAccessToken());

    assertEquals(registeredClientId, accessTokenJwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));

    // Header values.
    assertNotNull(accessTokenJwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
    assertNotNull(accessTokenJwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));

    // Payload claims.
    assertNotNull(accessTokenJwt.getClaims().getClaimAsString("scope"));
    assertNotNull(accessTokenJwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
    assertNotNull(accessTokenJwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
    assertNotNull(accessTokenJwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    assertNotNull(accessTokenJwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
}
/**
 * Registers the client shared by the tests of this class and stores its
 * client id and secret.
 *
 * <p>The client is registered for the code and id_token response types with the
 * openid, profile, address, email and user_name scopes. The registration must
 * return HTTP 200 together with the credentials, a registration access token
 * and both timestamps.
 *
 * @param userId              not used by this method
 * @param userSecret          not used by this method
 * @param redirectUris        redirect URIs passed to the registration
 * @param sectorIdentifierUri sector identifier URI passed to the registration
 */
@Parameters({"userId", "userSecret", "redirectUris", "sectorIdentifierUri"})
@BeforeClass
public void registerClient(final String userId, final String userSecret,
                           String redirectUris, String sectorIdentifierUri) throws Exception {
    Reporter.log("Register client", true);

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "user_name");

    RegisterResponse registerResponse =
            registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);

    final int status = registerResponse.getStatus();
    final String failureMessage = "Unexpected response code: " + registerResponse.getEntity();
    assertEquals(status, 200, failureMessage);

    // Everything later tests rely on must have been issued.
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    this.clientId = registerResponse.getClientId();
    this.clientSecret = registerResponse.getClientSecret();
}
/**
 * Negative test: a registration whose redirect URI contains a fragment must be
 * rejected with HTTP 400 and a populated error type and description.
 */
@Test
public void requestClientRegistrationFail3() throws Exception {
    showTitle("requestClientRegistrationFail3");

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    // The "#fail_fragment" suffix is what makes this redirect URI invalid.
    RegisterResponse response = registerClient.execRegister(
            ApplicationType.WEB,
            "oxAuth test app",
            Arrays.asList("https://client.example.com/cb#fail_fragment"));

    showClient(registerClient);

    final int status = response.getStatus();
    final String failureMessage = "Unexpected response code: " + response.getEntity();
    assertEquals(status, 400, failureMessage);

    // The rejection must come with an error body, not just a status code.
    assertNotNull(response.getEntity(), "The entity is null");
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}
/**
 * Registers the client shared by the tests of this class and stores its
 * client id and secret.
 *
 * <p>The client is registered for the code and id_token response types with the
 * openid, profile, address, email and user_name scopes. The registration must
 * return HTTP 200 together with the credentials, a registration access token
 * and both timestamps.
 *
 * @param userId              not used by this method
 * @param userSecret          not used by this method
 * @param redirectUris        redirect URIs passed to the registration
 * @param sectorIdentifierUri sector identifier URI passed to the registration
 */
@Parameters({"userId", "userSecret", "redirectUris", "sectorIdentifierUri"})
@BeforeClass
public void registerClient(final String userId, final String userSecret,
                           String redirectUris, String sectorIdentifierUri) throws Exception {
    Reporter.log("Register client", true);

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "user_name");

    RegisterResponse registerResponse =
            registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri);

    final int status = registerResponse.getStatus();
    final String failureMessage = "Unexpected response code: " + registerResponse.getEntity();
    assertEquals(status, 200, failureMessage);

    // Everything later tests rely on must have been issued.
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    this.clientId = registerResponse.getClientId();
    this.clientSecret = registerResponse.getClientSecret();
}