@Test public void requestJwks() throws Exception { showTitle("requestJwks"); JwkClient jwkClient = new JwkClient(jwksUri); JwkResponse response = jwkClient.exec(); showClient(jwkClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "Unexpected result: entity is null"); assertNotNull(response.getJwks(), "Unexpected result: jwks is null"); assertNotNull(response.getJwks().getKeys(), "Unexpected result: keys is null"); assertTrue(response.getJwks().getKeys().size() > 0, "Unexpected result: keys is empty"); for (JSONWebKey JSONWebKey : response.getJwks().getKeys()) { assertNotNull(JSONWebKey.getKid(), "Unexpected result: kid is null"); assertNotNull(JSONWebKey.getUse(), "Unexpected result: use is null"); } }
@Parameters({"clientJwksUri"}) @Test public void requestClientJwks(final String clientJwksUri) throws Exception { showTitle("requestJwks"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse response = jwkClient.exec(); showClient(jwkClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "Unexpected result: entity is null"); assertNotNull(response.getJwks(), "Unexpected result: jwks is null"); assertNotNull(response.getJwks().getKeys(), "Unexpected result: keys is null"); assertTrue(response.getJwks().getKeys().size() > 0, "Unexpected result: keys is empty"); for (JSONWebKey JSONWebKey : response.getJwks().getKeys()) { assertNotNull(JSONWebKey.getKid(), "Unexpected result: kid is null"); assertNotNull(JSONWebKey.getUse(), "Unexpected result: use is null"); } } }
@Parameters({"clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testRS512(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test RS512"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.RS512); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS512); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
@Parameters({"clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testRS256(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test RS256"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.RS256); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS256); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
@Parameters({"clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testRS384(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test RS384"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.RS384); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS384); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
@Parameters({"clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testES256(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test ES256"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES256); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES256); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
@Parameters({"clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testES384(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test ES384"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES384); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES384); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
@Parameters({"clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void testES512(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException { try { showTitle("Test ES512"); JwkClient jwkClient = new JwkClient(clientJwksUri); JwkResponse jwkResponse = jwkClient.exec(); String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19"; OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.ES512); System.out.println("Encoded Signature: " + encodedSignature); boolean signatureVerified = cryptoProvider.verifySignature( signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES512); assertTrue(signatureVerified, "Invalid signature"); } catch (Exception e) { fail(e.getMessage(), e); } }
registerRequest.setContacts(contacts); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setJwks(jwkResponse.getJwks().toString());
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES384); assertTrue(validJwt);
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES512); assertTrue(validJwt);
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.ES256); assertTrue(validJwt);
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS256); assertTrue(validJwt);
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS384); assertTrue(validJwt);
jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS512); assertTrue(validJwt);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT); softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy"); softwareStatement.getClaims().put(JWKS.toString(), jwkResponse.getJwks().toString()); softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri); softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);