OAuth2AuthorizationServerInterceptorOpenidTest.java

/*
 * Copyright 2016 predic8 GmbH, www.predic8.com
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *    http://www.apache.org/licenses/LICENSE-2.0
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

package com.predic8.membrane.core.interceptor.oauth2;

import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.authentication.session.SessionManager;
import com.predic8.membrane.core.util.Util;
import com.predic8.membrane.core.util.functionalInterfaces.Consumer;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

import javax.mail.internet.ParseException;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.regex.Pattern;

import static org.junit.Assert.assertEquals;

@RunWith(Parameterized.class)
public class OAuth2AuthorizationServerInterceptorOpenidTest extends OAuth2AuthorizationServerInterceptorBase {

    @Before
    public void setUp() throws Exception{
        super.setUp();
    }

    @Parameterized.Parameters(name = "{0}")
    public static Collection<Object[]> data() throws Exception {
        return Arrays.asList(new Object[][] {
                testGoodAuthRequest(),
                testGoodGrantedAuthCode(),
                testGoodTokenRequest(),
                testGoodUserinfoRequest()
        });
    }

    private static Object[] testGoodUserinfoRequest() throws Exception {
        return new Object[]{"testGoodUserinfoRequest", runUntilGoodTokenOpenidRequest(),getMockUserinfoRequest(),200,userinfoOpenidRequestPostprocessing()};
    }

    private static Object[] testGoodTokenRequest() throws Exception {
        return new Object[]{"testGoodTokenRequest", runUntilGoodGrantedAuthCodeOpenid(),getMockTokenRequest(),200, validateIdTokenAndGetTokenAndTokenTypeFromResponse()};
    }

    private static Object[] testGoodGrantedAuthCode() throws Exception {
        return new Object[]{"testGoodGrantedAuthCode", runUntilGoodAuthOpenidRequest(), getMockEmptyEndpointRequest(), 307, getCodeFromResponse()};
    }

    private static Object[] testGoodAuthRequest() {
        return new Object[]{"testGoodAuthRequest", noPreprocessing(), getMockAuthOpenidRequestExchange(),307, loginAsJohnOpenid()};
    }

    private static Consumer<Exchange> loginAsJohnOpenid() {
        return new Consumer<Exchange>() {
            @Override
            public void call(Exchange exc) throws Exception {
                loginAsJohn().call(exc);
                SessionManager.Session s = oasi.getSessionManager().getOrCreateSession(exc);
                Map<String, String> userAttributes = s.getUserAttributes();
                synchronized (userAttributes) {
                    userAttributes.put(ParamNames.SCOPE, "openid");
                    userAttributes.put(ParamNames.CLAIMS, OAuth2TestUtil.getMockClaims());
                    userAttributes.put("consent", "true");
                }
            }
        };
    }

    public static Callable<Exchange> getMockAuthOpenidRequestExchange() {
        return new Callable<Exchange>() {
            @Override
            public Exchange call() throws Exception {
                Exchange exc = getMockAuthRequestExchange().call();
                exc.getRequest().setUri(exc.getRequest().getUri()+ "&claims=" + OAuth2Util.urlencode(OAuth2TestUtil.getMockClaims()));
                exc.getRequest().setUri(exc.getRequest().getUri().replaceFirst(Pattern.quote("scope=profile"),"scope=" + OAuth2Util.urlencode("openid")));
                exc.getRequest().getHeader().add("Cookie",oasi.getSessionManager().getCookieName() + "=" + OAuth2TestUtil.sessionId);
                return exc;
            }
        };
    }

    private static Consumer<Exchange> validateIdTokenAndGetTokenAndTokenTypeFromResponse() {
        return new Consumer<Exchange>() {
            @Override
            public void call(Exchange exc) throws Exception {
                assertEquals(true,idTokenIsValid(exc.getResponse()));
                getTokenAndTokenTypeFromResponse().call(exc);
            }
        };
    }

    private static boolean idTokenIsValid(Response response) throws IOException, ParseException {
        // TODO: currently only checks if signature is valid -> also check if requested claims are in it
        HashMap<String, String> json = Util.parseSimpleJSONResponse(response);
        try {
            oasi.getJwtGenerator().getClaimsFromSignedIdToken(json.get(ParamNames.ID_TOKEN), oasi.getIssuer(), "abc");
            return true;
        } catch (InvalidJwtException e) {
            return false;
        }
    }

    private static Consumer<Exchange> userinfoOpenidRequestPostprocessing() throws IOException, ParseException {
        return new Consumer<Exchange>() {
            @Override
            public void call(Exchange exchange) throws Exception {
                HashMap<String, String> json = Util.parseSimpleJSONResponse(exc.getResponse());
                assertEquals("e@mail.com",json.get("email"));
            }
        };
    }
}