Java tutorial
/* * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. * * Copyright (c) 2014, Gluu */ package org.xdi.oxauth.interop; import org.apache.http.client.CookieStore; import org.apache.http.impl.client.BasicCookieStore; import org.apache.http.impl.client.DefaultHttpClient; import org.jboss.resteasy.client.ClientExecutor; import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; import org.testng.annotations.Parameters; import org.testng.annotations.Test; import org.xdi.oxauth.BaseTest; import org.xdi.oxauth.client.*; import org.xdi.oxauth.client.model.authorize.Claim; import org.xdi.oxauth.client.model.authorize.ClaimValue; import org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest; import org.xdi.oxauth.dev.HostnameVerifierType; import org.xdi.oxauth.model.authorize.AuthorizeErrorResponseType; import org.xdi.oxauth.model.common.Prompt; import org.xdi.oxauth.model.common.ResponseType; import org.xdi.oxauth.model.crypto.signature.RSAPublicKey; import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm; import org.xdi.oxauth.model.jws.RSASigner; import org.xdi.oxauth.model.jwt.Jwt; import org.xdi.oxauth.model.jwt.JwtClaimName; import org.xdi.oxauth.model.jwt.JwtHeaderName; import org.xdi.oxauth.model.register.ApplicationType; import org.xdi.oxauth.model.util.StringUtils; import java.util.Arrays; import java.util.List; import java.util.UUID; import static org.testng.Assert.*; /** * OC5:FeatureTest-Support claims Request Specifying sub Value * If that user is logged in, the request succeeds, otherwise it fails. * * @author Javier Rojas Blum * @version June 19, 2015 */ public class SupportClaimsRequestSpecifyingSubValue extends BaseTest { @Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "hostnameVerifier" }) @Test public void supportClaimsRequestSpecifyingSubValueSucceed(final String userId, final String userSecret, final String redirectUri, final String redirectUris, String hostnameVerifier) throws Exception { showTitle("OC5:FeatureTest-Support claims Request Specifying sub Value (succeed)"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); DefaultHttpClient httpClient = createHttpClient(HostnameVerifierType.fromString(hostnameVerifier)); CookieStore cookieStore = new BasicCookieStore(); httpClient.setCookieStore(cookieStore); ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient); List<String> scopes = Arrays.asList("openid", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); // 2. Request authorization (first time) AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest1.setAuthUsername(userId); authorizationRequest1.setAuthPassword(userSecret); authorizationRequest1.getPrompts().add(Prompt.NONE); authorizationRequest1.setState(state); AuthorizeClient authorizeClient1 = new AuthorizeClient(authorizationEndpoint); authorizeClient1.setRequest(authorizationRequest1); AuthorizationResponse authorizationResponse1 = authorizeClient1.exec(clientExecutor); assertNotNull(authorizationResponse1.getLocation(), "The location is null"); assertNotNull(authorizationResponse1.getIdToken(), "The ID Token is null"); assertNotNull(authorizationResponse1.getAccessToken(), "The Access Token is null"); assertNotNull(authorizationResponse1.getState(), "The state is null"); assertNotNull(authorizationResponse1.getScope(), "The scope is null"); String sessionId = authorizationResponse1.getSessionId(); // 3. Request authorization AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); //authorizationRequest2.setAuthUsername(userId); //authorizationRequest2.setAuthPassword(userSecret); authorizationRequest2.getPrompts().add(Prompt.NONE); authorizationRequest2.setState(state); authorizationRequest2.setSessionId(sessionId); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest2, SignatureAlgorithm.HS256, clientSecret); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull())); jwtAuthorizationRequest .addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest2.setRequest(authJwt); AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint); authorizeClient2.setRequest(authorizationRequest2); AuthorizationResponse authorizationResponse2 = authorizeClient2.exec(clientExecutor); assertNotNull(authorizationResponse2.getLocation(), "The location is null"); assertNotNull(authorizationResponse2.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse2.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse2.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse2.getState(), "The state is null"); String idToken = authorizationResponse2.getIdToken(); String accessToken = authorizationResponse2.getAccessToken(); // 4. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey); assertTrue(rsaSigner.validate(jwt)); // 5. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus()); assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME)); } @Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "hostnameVerifier" }) @Test public void supportClaimsRequestSpecifyingSubValueFail(final String userId, final String userSecret, final String redirectUri, final String redirectUris, String hostnameVerifier) throws Exception { showTitle("OC5:FeatureTest-Support claims Request Specifying sub Value (fail)"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); String clientSecret = registerResponse.getClientSecret(); DefaultHttpClient httpClient = createHttpClient(HostnameVerifierType.fromString(hostnameVerifier)); CookieStore cookieStore = new BasicCookieStore(); httpClient.setCookieStore(cookieStore); ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient); // 2. Request authorization List<String> scopes = Arrays.asList("openid", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setAuthUsername(userId); authorizationRequest.setAuthPassword(userSecret); authorizationRequest.getPrompts().add(Prompt.NONE); authorizationRequest.setState(state); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull())); jwtAuthorizationRequest .addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId))); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); authorizationRequest.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authorizeClient.exec(); showClient(authorizeClient); assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus()); assertNotNull(authorizationResponse.getErrorType(), "The error type is null"); assertEquals(authorizationResponse.getErrorType(), AuthorizeErrorResponseType.USER_MISMATCHED); assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null"); } }