public static void assertOk(RegisterResponse registerResponse) { assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); } }
private RegisterResponse registerOpenIdClient() { logger.info("Registering OpenId client"); String clientName = this.appConfiguration.getApplicationName() + " client"; RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, clientName, Arrays.asList(this.appConfiguration.getOpenIdRedirectUrl())); registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS256); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_BASIC); RegisterClient registerClient = new RegisterClient(openIdConfiguration.getRegistrationEndpoint()); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); if ((response == null) || (response.getStatus() != 200)) { throw new ConfigurationException("Failed to register new client"); } return response; }
@Test public void requestClientRegistrationFail3() throws Exception { showTitle("requestClientRegistrationFail3"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse response = registerClient.execRegister(ApplicationType.WEB, "oxAuth test app", Arrays.asList("https://client.example.com/cb#fail_fragment")); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Test public void requestClientRegistrationFail2() throws Exception { showTitle("requestClientRegistrationFail2"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse response = registerClient.execRegister(ApplicationType.WEB, "oxAuth test app", null); // Missing redirect URIs showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Test public void requestClientRegistrationFail1() throws Exception { showTitle("requestClientRegistrationFail1"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse response = registerClient.execRegister(null, null, null); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Parameters({"userId", "userSecret", "redirectUris", "sectorIdentifierUri"}) @BeforeClass public void registerClient(final String userId, final String userSecret, String redirectUris, String sectorIdentifierUri) throws Exception { Reporter.log("Register client", true); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN); List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "user_name"); RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); this.clientId = registerResponse.getClientId(); this.clientSecret = registerResponse.getClientSecret(); }
@Parameters({"userId", "userSecret", "redirectUris", "sectorIdentifierUri"}) @BeforeClass public void registerClient(final String userId, final String userSecret, String redirectUris, String sectorIdentifierUri) throws Exception { Reporter.log("Register client", true); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN); List<String> scopes = Arrays.asList("openid", "profile", "address", "email", "user_name"); RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, scopes, sectorIdentifierUri); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); this.clientId = registerResponse.getClientId(); this.clientSecret = registerResponse.getClientSecret(); }
@Test public void requestClientAssociateInBlackList() throws Exception { showTitle("requestClientAssociateInBlackList"); final String redirectUris = "https://www.attacker.com"; RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse response = registerClient.execRegister(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Parameters({"redirectUri"}) @Test public void rejectRegistrationOfRedirectUriWithFragment(final String redirectUri) throws Exception { showTitle("OC5:FeatureTest-Reject Registration of redirect uri with Fragment"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUri + "#foo1=bar")); registerRequest.setResponseTypes(responseTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getStatus()); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); } }
/** * Fail: Register a client with Application Type <code>web</code> and Redirect URI with the schema HTTP. */ @Test public void applicationTypeWebFail1() throws Exception { showTitle("applicationTypeWebFail1"); final String redirectUris = "http://client.example.com/cb"; RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); }
/** * Fail: Register a client with Application Type <code>native</code> and Redirect URI with the schema HTTPS. */ @Test(enabled = false) //allowed to register redirect_uris with custom schema to conform "OAuth 2.0 for Native Apps" spec public void applicationTypeNativeFail1() throws Exception { showTitle("applicationTypeNativeFail1"); final String redirectUris = "https://client.example.com/cb"; RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.NATIVE, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); }
@Parameters({"sectorIdentifierUri"}) @Test public void rejectsSectorIdentifierNotContainingRegisteredRedirectUriValues(final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect uri Values"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList("https://not_registered")); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setResponseTypes(responseTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getStatus()); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); } }
/** * Fail: Register a client with Application Type <code>native</code> and Redirect URI with the host different than localhost. */ @Parameters({"redirectUris"}) @Test(enabled = false) //allowed to register redirect_uris with custom schema to conform "OAuth 2.0 for Native Apps" spec public void applicationTypeNativeFail2(final String redirectUris) throws Exception { showTitle("applicationTypeNativeFail2"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.NATIVE, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); } }
@Test public void requestClientRegistrationFail1() throws Exception { showTitle("requestClientRegistrationFail1"); RegisterRequest registerRequest = new RegisterRequest(); registerRequest.setSoftwareStatement("INVALID_SOFTWARE_STATEMENT"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); registerClient.setExecutor(clientExecutor(true)); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400); assertNotNull(response.getEntity()); assertNotNull(response.getErrorType()); assertNotNull(response.getErrorDescription()); }
@Test public void requestClientRegistrationFail2() throws Exception { showTitle("requestClientRegistrationFail2"); RegisterRequest registerRequest = new RegisterRequest(); // Test with invalid signature registerRequest.setSoftwareStatement("eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4YmZhOGE0LWM4YTctNGEwOS1hZTk4LWJmMzI1ZDc0OTExOSJ9.eyJhcHBsaWNhdGlvbl90eXBlIjoid2ViIiwiY2xpZW50X25hbWUiOiJveEF1dGggdGVzdCBhcHAiLCJyZWRpcmVjdF91cmlzIjpbImh0dHBzOlwvXC9jZS5nbHV1LmluZm86ODQ0M1wvb3hhdXRoLXJwXC9ob21lLmh0bSIsImh0dHBzOlwvXC9jbGllbnQuZXhhbXBsZS5jb21cL2NiIiwiaHR0cHM6XC9cL2NsaWVudC5leGFtcGxlLmNvbVwvY2IxIiwiaHR0cHM6XC9cL2NsaWVudC5leGFtcGxlLmNvbVwvY2IyIl0sImNvbnRhY3RzIjpbImphdmllckBnbHV1Lm9yZyIsImphdmllci5yb2phcy5ibHVtQGdtYWlsLmNvbSJdLCJzY29wZSI6Im9wZW5pZCBhZGRyZXNzIHByb2ZpbGUgZW1haWwgcGhvbmUgY2xpZW50aW5mbyBpbnZhbGlkX3Njb3BlIiwibG9nb191cmkiOiJodHRwOlwvXC93d3cuZ2x1dS5vcmdcL3dwLWNvbnRlbnRcL3RoZW1lc1wvZ2x1dXJzblwvaW1hZ2VzXC9sb2dvLnBuZyIsInRva2VuX2VuZHBvaW50X2F1dGhfbWV0aG9kIjoiY2xpZW50X3NlY3JldF9qd3QiLCJwb2xpY3lfdXJpIjoiaHR0cDpcL1wvd3d3LmdsdXUub3JnXC9wb2xpY3kiLCJqd2tzX3VyaSI6Imh0dHA6XC9cL2xvY2FsaG9zdFwvb3hhdXRoLWNsaWVudFwvdGVzdFwvcmVzb3VyY2VzXC9qd2tzLmpzb24iLCJzZWN0b3JfaWRlbnRpZmllcl91cmkiOiJodHRwczpcL1wvY2UuZ2x1dS5pbmZvOjg0NDNcL3NlY3RvcmlkZW50aWZpZXJcL2E1NWVkZTI5LThmNWEtNDYxZC1iMDZlLTc2Y2FlZThkNDBiNSIsInN1YmplY3RfdHlwZSI6InBhaXJ3aXNlIiwicmVxdWVzdF91cmlzIjpbImh0dHA6XC9cL3d3dy5nbHV1Lm9yZ1wvcmVxdWVzdCJdLCJmcm9udGNoYW5uZWxfbG9nb3V0X3VyaSI6WyJodHRwczpcL1wvY2UuZ2x1dS5pbmZvOjg0NDNcL294YXV0aC1ycFwvaG9tZS5odG0iXSwiZnJvbnRjaGFubmVsX2xvZ291dF9zZXNzaW9uX3JlcXVpcmVkIjp0cnVlLCJpZF90b2tlbl9zaWduZWRfcmVzcG9uc2VfYWxnIjoiUlM1MTIiLCJpZF90b2tlbl9lbmNyeXB0ZWRfcmVzcG9uc2VfYWxnIjoiUlNBMV81IiwiaWRfdG9rZW5fZW5jcnlwdGVkX3Jlc3BvbnNlX2VuYyI6IkExMjhDQkMrSFMyNTYiLCJ1c2VyaW5mb19zaWduZWRfcmVzcG9uc2VfYWxnIjoiUlMzODQiLCJ1c2VyaW5mb19lbmNyeXB0ZWRfcmVzcG9uc2VfYWxnIjoiQTEyOEtXIiwidXNlcmluZm9fZW5jcnlwdGVkX3Jlc3BvbnNlX2VuYyI6IkExMjhHQ00iLCJyZXF1ZXN0X29iamVjdF9zaWduaW5nX2FsZyI6IlJTMjU2IiwicmVxdWVzdF9vYmplY3RfZW5jcnlwdGlvbl9hbGciOiJBMjU2S1ciLCJyZXF1ZXN0X29iamVjdF9lbmNyeXB0aW9uX2VuYyI6IkEyNTZDQkMrSFM1MTIiLCJ0b2tlbl9lbmRwb2ludF9hdXRoX3NpZ25pbmdfYWxnIjoiRVMyNTYiLCJzb2Z0d2FyZV9pZCI6Ijk0MDdlMWY2LTdkMmUtNDg0YS05NTg1LTY2NWI5MmY1NzgyNSIsInNvZnR3YXJlX3ZlcnNpb24iOiJ2ZXJzaW9uXzMuMS41In0.LtrjFNPRXHArcZbAv0vcYMcOdsQG8jZ0qkNPkmAQlHwyoJN1F3jv6OI8-rdu-55osStX39_NPYjpjHwzakhi3XN0pO_b1HL6sXAkhJ-UfQ7jNgtElfJ39b0maONdEJl4nblNhEho2-SbfO_OIOIFJha-OcsTS9-DUJ6umRNfaIoNhioFzrVj8rDK-MWNcXQNCKvj4IPgH2hW7adAuj6Du1k7BdtH-IeIVb1ZCjnOl9IETbq7wyc4xL6tILw40oelgVyyHCFbIWZOJJI8n59U8DlqIBqYx0lCOjIY-BH6DLxZ1PxGrXxqMRJx1h64Oh9QxuzK-GzUY4bFInnvv3Gf3g"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); registerClient.setExecutor(clientExecutor(true)); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400); assertNotNull(response.getEntity()); assertNotNull(response.getErrorType()); assertNotNull(response.getErrorDescription()); } }
@Parameters({"redirectUris", "sectorIdentifierUri"}) @Test public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("requestClientAssociate1"); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); }
@Parameters({"redirectUris"}) @Test public void sectorIdentifierUrlVerificationFail1(final String redirectUris) throws Exception { showTitle("sectorIdentifierUrlVerificationFail1"); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri("https://INVALID_SECTOR_IDENTIFIER_URL"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Parameters({"redirectUris"}) @Test public void requestClientRegistrationFail4(final String redirectUris) throws Exception { showTitle("requestClientRegistrationFail4"); RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE); // id_token signature cannot be none RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); registerClient.setExecutor(clientExecutor(true)); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400); assertNotNull(response.getEntity()); assertNotNull(response.getErrorType()); assertNotNull(response.getErrorDescription()); }
@Parameters({"sectorIdentifierUri"}) @Test public void sectorIdentifierUrlVerificationFail2(final String sectorIdentifierUri) throws Exception { showTitle("sectorIdentifierUrlVerificationFail2"); String redirectUris = "https://INVALID_REDIRECT_URI https://client.example.com/cb https://client.example.com/cb1 https://client.example.com/cb2"; RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); }
@Test(dependsOnMethods = "requestClientAssociate") public void requestClientUpdate() throws Exception { showTitle("requestClientUpdate"); final String redirectUris = "https://www.attacker.com"; final RegisterRequest registerRequest = new RegisterRequest(registrationAccessToken1); registerRequest.setHttpMethod(HttpMethod.PUT); registerRequest.setRedirectUris(StringUtils.spaceSeparatedToList(redirectUris)); final RegisterClient registerClient = new RegisterClient(registrationClientUri1); registerClient.setRequest(registerRequest); registerClient.setExecutor(clientExecutor(true)); final RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getEntity(), "The entity is null"); assertNotNull(response.getErrorType(), "The error type is null"); assertNotNull(response.getErrorDescription(), "The error description is null"); } }