cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Adding JWTRequest tests
Date Wed, 27 Apr 2016 16:33:27 GMT
Repository: cxf
Updated Branches:
  refs/heads/master ee6e9e7d0 -> b630ca48a


Adding JWTRequest tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b630ca48
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b630ca48
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b630ca48

Branch: refs/heads/master
Commit: b630ca48a8a0c073d2f90a700b4ee1c301f8c526
Parents: ee6e9e7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Apr 27 17:33:11 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Apr 27 17:33:11 2016 +0100

----------------------------------------------------------------------
 .../security/oauth2/common/OAuth2TestUtils.java |  91 ++++++++++++---
 .../jaxrs/security/oidc/OIDCFlowTest.java       | 116 +++++++++++++++++--
 .../systest/jaxrs/security/oidc/oidc-server.xml |  20 ++++
 3 files changed, 203 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 3ab095d..073c0df 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -69,29 +69,37 @@ public final class OAuth2TestUtils {
     
     public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
                                               String nonce, String state) {
-        String location = getLocation(client, scope, consumerId, nonce, state, "code", "authorize/");
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId(consumerId);
+        parameters.setScope(scope);
+        parameters.setNonce(nonce);
+        parameters.setState(state);
+        parameters.setResponseType("code");
+        parameters.setPath("authorize/");
+        String location = getLocation(client, parameters);
         return getSubstring(location, "code");
     }
     
-    public static String getLocation(WebClient client, String scope, String consumerId,
-                                              String nonce, String state, String responseType,
-                                              String path) {
+    public static String getLocation(WebClient client, AuthorizationCodeParameters parameters)
{ 
         // Make initial authorization request
         client.type("application/json").accept("application/json");
-        client.query("client_id", consumerId);
+        client.query("client_id", parameters.getConsumerId());
         client.query("redirect_uri", "http://www.blah.apache.org");
-        client.query("response_type", responseType);
-        if (scope != null) {
-            client.query("scope", scope);
+        client.query("response_type", parameters.getResponseType());
+        if (parameters.getScope() != null) {
+            client.query("scope", parameters.getScope());
         }
-        if (nonce != null) {
-            client.query("nonce", nonce);
+        if (parameters.getNonce() != null) {
+            client.query("nonce", parameters.getNonce());
         }
-        if (state != null) {
-            client.query("state", state);
+        if (parameters.getState() != null) {
+            client.query("state", parameters.getState());
+        }
+        if (parameters.getRequest() != null) {
+            client.query("request", parameters.getRequest());
         }
 
-        client.path(path);
+        client.path(parameters.getPath());
         Response response = client.get();
 
         OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
@@ -118,8 +126,8 @@ public final class OAuth2TestUtils {
 
         response = client.post(form);
         String location = response.getHeaderString("Location");
-        if (state != null) {
-            Assert.assertTrue(location.contains("state=" + state));
+        if (parameters.getState() != null) {
+            Assert.assertTrue(location.contains("state=" + parameters.getState()));
         }
 
         return location;
@@ -243,4 +251,57 @@ public final class OAuth2TestUtils {
         }
         return foundString.substring(0, ampersandIndex);
     }
+    
+    public static class AuthorizationCodeParameters {
+        private String scope;
+        private String consumerId;
+        private String nonce;
+        private String state;
+        private String responseType;
+        private String path; 
+        private String request;
+        
+        public String getScope() {
+            return scope;
+        }
+        public void setScope(String scope) {
+            this.scope = scope;
+        }
+        public String getConsumerId() {
+            return consumerId;
+        }
+        public void setConsumerId(String consumerId) {
+            this.consumerId = consumerId;
+        }
+        public String getNonce() {
+            return nonce;
+        }
+        public void setNonce(String nonce) {
+            this.nonce = nonce;
+        }
+        public String getState() {
+            return state;
+        }
+        public void setState(String state) {
+            this.state = state;
+        }
+        public String getResponseType() {
+            return responseType;
+        }
+        public void setResponseType(String responseType) {
+            this.responseType = responseType;
+        }
+        public String getPath() {
+            return path;
+        }
+        public void setPath(String path) {
+            this.path = path;
+        }
+        public String getRequest() {
+            return request;
+        }
+        public void setRequest(String request) {
+            this.request = request;
+        }
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 2195cf3..9ccd19d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -26,19 +26,25 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
 
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
 
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
+import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.testutil.common.TestUtil;
 import org.apache.wss4j.common.util.Loader;
@@ -375,9 +381,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
             org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
         
         // Get location
-        String location = 
-            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

-                                        "code id_token", "authorize-hybrid");
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId("consumer-id");
+        parameters.setScope("openid");
+        parameters.setNonce("123456789");
+        parameters.setResponseType("code id_token");
+        parameters.setPath("authorize-hybrid/");
+        
+        String location = OAuth2TestUtils.getLocation(client, parameters);
         assertNotNull(location);
         
         // Check code
@@ -419,9 +430,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
             org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
         
         // Get location
-        String location = 
-            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

-                                        "code token", "authorize-hybrid");
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId("consumer-id");
+        parameters.setScope("openid");
+        parameters.setNonce("123456789");
+        parameters.setResponseType("code token");
+        parameters.setPath("authorize-hybrid/");
+      
+        String location = OAuth2TestUtils.getLocation(client, parameters);
         assertNotNull(location);
         
         // Check code
@@ -445,9 +461,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
             org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
         
         // Get location
-        String location = 
-            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

-                                        "code id_token token", "authorize-hybrid");
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId("consumer-id");
+        parameters.setScope("openid");
+        parameters.setNonce("123456789");
+        parameters.setResponseType("code id_token token");
+        parameters.setPath("authorize-hybrid/");
+        
+        String location = OAuth2TestUtils.getLocation(client, parameters);
         assertNotNull(location);
         
         // Check code
@@ -464,6 +485,83 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(accessToken);
     }
     
+    @org.junit.Test
+    public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer("consumer-id");
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        claims.setAudiences(
+            Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+        
+        JwsHeaders headers = new JwsHeaders();
+        headers.setAlgorithm("none");
+        
+        JwtToken token = new JwtToken(headers, claims);
+        
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+        String request = jws.getSignedEncodedJws();
+        
+        // Get Authorization Code
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId("consumer-id");
+        parameters.setScope("openid");
+        parameters.setResponseType("code");
+        parameters.setPath("authorize/");
+        parameters.setRequest(request);
+        
+        String location = OAuth2TestUtils.getLocation(client, parameters);
+        String code = OAuth2TestUtils.getSubstring(location, "code");
+        assertNotNull(code);
+    }
+    
+    @org.junit.Test
+    public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setIssuer("consumer-id");
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        claims.setAudiences(
+            Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+        
+        JwsHeaders headers = new JwsHeaders();
+        headers.setAlgorithm("none");
+        
+        JwtToken token = new JwtToken(headers, claims);
+        
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+        String request = jws.getSignedEncodedJws();
+        
+        // Get Authorization Code
+        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+        parameters.setConsumerId("consumer-id");
+        parameters.setScope("openid");
+        parameters.setResponseType("code");
+        parameters.setPath("authorize/");
+        parameters.setState("123456789");
+        parameters.setRequest(request);
+        
+        String location = OAuth2TestUtils.getLocation(client, parameters);
+        String code = OAuth2TestUtils.getSubstring(location, "code");
+        assertNotNull(code);
+    }
+    
     private void validateIdToken(String idToken, String nonce) 
         throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
{
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);

http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index f779096..988910e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -134,5 +134,25 @@ under the License.
        </jaxrs:properties>
    </jaxrs:server>
    
+   <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+   
+   <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="authorizationFilter" ref="jwtRequestFilter"/>
+   </bean>
+   
+   <jaxrs:server 
+       depends-on="tls-config" 
+       address="https://localhost:${testutil.ports.jaxrs-oidc}/unsignedjwtservices">
+       <jaxrs:serviceBeans>
+           <ref bean="jwtAuthorizationService"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+           <ref bean="basicAuthFilter"/>
+       </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="rs.security.signature.algorithm" value="none" />
+       </jaxrs:properties>
+   </jaxrs:server>
 
 </beans>


Mime
View raw message