/* * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. * * Copyright (c) 2014, Gluu */ package org.xdi.oxauth.interop; import org.testng.annotations.Parameters; import org.testng.annotations.Test; import org.xdi.oxauth.BaseTest; import org.xdi.oxauth.client.*; import org.xdi.oxauth.model.common.AuthenticationMethod; import org.xdi.oxauth.model.common.GrantType; import org.xdi.oxauth.model.common.ResponseType; import org.xdi.oxauth.model.crypto.OxAuthCryptoProvider; import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm; import org.xdi.oxauth.model.register.ApplicationType; import org.xdi.oxauth.model.util.StringUtils; import java.util.Arrays; import java.util.List; import java.util.UUID; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; /** * OC5:FeatureTest-Can Make Access Token Request with private key jwt Authentication * * @author Javier Rojas Blum * @version June 15, 2016 */ public class CanMakeAccessTokenRequestWithPrivateKeyJwtAuthentication extends BaseTest { @Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"}) @Test public void canMakeAccessTokenRequestWithPrivateKeyJwtAuthentication( final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception { showTitle("OC5:FeatureTest-Can Make Access Token Request with private key jwt Authentication"); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setJwksUri(clientJwksUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getCode()); assertNotNull(authorizationResponse.getState()); String authorizationCode = authorizationResponse.getCode(); // 3. Get Access Token OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE); tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT); tokenRequest.setAlgorithm(SignatureAlgorithm.RS256); tokenRequest.setCryptoProvider(cryptoProvider); tokenRequest.setKeyId(keyId); tokenRequest.setAudience(tokenEndpoint); tokenRequest.setCode(authorizationCode); tokenRequest.setRedirectUri(redirectUri); tokenRequest.setAuthUsername(clientId); TokenClient tokenClient = new TokenClient(tokenEndpoint); tokenClient.setRequest(tokenRequest); TokenResponse tokenResponse = tokenClient.exec(); showClient(tokenClient); assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus()); assertNotNull(tokenResponse.getEntity(), "The entity is null"); assertNotNull(tokenResponse.getAccessToken(), "The access token is null"); assertNotNull(tokenResponse.getExpiresIn(), "The expires in value is null"); assertNotNull(tokenResponse.getTokenType(), "The token type is null"); assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null"); } }