cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Adding OIDC Hybrid tests
Date Mon, 25 Apr 2016 15:15:24 GMT
Adding OIDC Hybrid tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/608f89a7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/608f89a7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/608f89a7

Branch: refs/heads/master
Commit: 608f89a7fe35bb075f8d74e5ee2dfca764db9bbe
Parents: 78e7115
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Apr 25 16:14:28 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Apr 25 16:15:17 2016 +0100

----------------------------------------------------------------------
 .../security/oauth2/common/OAuth2TestUtils.java |  14 +-
 .../oauth2/common/OAuthDataProviderImpl.java    |   1 +
 .../jaxrs/security/oidc/OIDCFlowTest.java       | 161 +++++++++++++++++++
 .../systest/jaxrs/security/oidc/oidc-server.xml |  14 +-
 4 files changed, 185 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/608f89a7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index ea7afa0..3ab095d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -69,11 +69,18 @@ public final class OAuth2TestUtils {
     
     public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
                                               String nonce, String state) {
+        String location = getLocation(client, scope, consumerId, nonce, state, "code", "authorize/");
+        return getSubstring(location, "code");
+    }
+    
+    public static String getLocation(WebClient client, String scope, String consumerId,
+                                              String nonce, String state, String responseType,
+                                              String path) {
         // Make initial authorization request
         client.type("application/json").accept("application/json");
         client.query("client_id", consumerId);
         client.query("redirect_uri", "http://www.blah.apache.org");
-        client.query("response_type", "code");
+        client.query("response_type", responseType);
         if (scope != null) {
             client.query("scope", scope);
         }
@@ -84,7 +91,7 @@ public final class OAuth2TestUtils {
             client.query("state", state);
         }
 
-        client.path("authorize/");
+        client.path(path);
         Response response = client.get();
 
         OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
@@ -106,6 +113,7 @@ public final class OAuth2TestUtils {
         if (authzData.getState() != null) {
             form.param("state", authzData.getState());
         }
+        form.param("response_type", authzData.getResponseType());
         form.param("oauthDecision", "allow");
 
         response = client.post(form);
@@ -114,7 +122,7 @@ public final class OAuth2TestUtils {
             Assert.assertTrue(location.contains("state=" + state));
         }
 
-        return getSubstring(location, "code");
+        return location;
     }
 
     public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client,
String code) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/608f89a7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
index 0fed0d4..0252e1a 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuthDataProviderImpl.java
@@ -45,6 +45,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider
{
         client.getAllowedGrantTypes().add("authorization_code");
         client.getAllowedGrantTypes().add("refresh_token");
         client.getAllowedGrantTypes().add("implicit");
+        client.getAllowedGrantTypes().add("hybrid");
         client.getAllowedGrantTypes().add("password");
         client.getAllowedGrantTypes().add("client_credentials");
         client.getAllowedGrantTypes().add("urn:ietf:params:oauth:grant-type:saml2-bearer");

http://git-wip-us.apache.org/repos/asf/cxf/blob/608f89a7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index bba05a4..2195cf3 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -303,6 +304,166 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         assertNotNull(accessToken.getTokenKey());
     }
     
+    @org.junit.Test
+    public void testImplicitFlow() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+       
+        // Get Access Token
+        client.type("application/json").accept("application/json");
+        client.query("client_id", "consumer-id");
+        client.query("redirect_uri", "http://www.blah.apache.org");
+        client.query("scope", "openid");
+        client.query("response_type", "id_token token");
+        client.query("nonce", "123456789");
+        client.path("authorize-implicit/");
+        Response response = client.get();
+        
+        OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
+        
+        // Now call "decision" to get the access token
+        client.path("decision");
+        client.type("application/x-www-form-urlencoded");
+        
+        Form form = new Form();
+        form.param("session_authenticity_token", authzData.getAuthenticityToken());
+        form.param("client_id", authzData.getClientId());
+        form.param("redirect_uri", authzData.getRedirectUri());
+        form.param("scope", authzData.getProposedScope());
+        if (authzData.getResponseType() != null) {
+            form.param("response_type", authzData.getResponseType());
+        }
+        if (authzData.getNonce() != null) {
+            form.param("nonce", authzData.getNonce());
+        }
+        form.param("oauthDecision", "allow");
+        
+        response = client.post(form);
+        
+        String location = response.getHeaderString("Location"); 
+        
+        // Check Access Token
+        String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+        assertNotNull(accessToken);
+        
+        // Check IdToken
+        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+        assertNotNull(idToken);
+        validateIdToken(idToken, null);
+        
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+        Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+    }
+    
+    @org.junit.Test
+    public void testHybridCodeIdToken() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        // Get location
+        String location = 
+            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

+                                        "code id_token", "authorize-hybrid");
+        assertNotNull(location);
+        
+        // Check code
+        String code = OAuth2TestUtils.getSubstring(location, "code");
+        assertNotNull(code);
+        
+        // Check id_token
+        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+        assertNotNull(idToken);
+        validateIdToken(idToken, "123456789");
+        
+        // Now get the access token
+        client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                  "consumer-id", "this-is-a-secret", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        ClientAccessToken accessToken = 
+            OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+        assertNotNull(accessToken.getTokenKey());
+        assertTrue(accessToken.getApprovedScope().contains("openid"));
+        
+        // Check id_token from the token endpoint
+        idToken = accessToken.getParameters().get("id_token");
+        assertNotNull(idToken);
+        validateIdToken(idToken, null);
+    }
+    
+    @org.junit.Test
+    public void testHybridCodeToken() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        // Get location
+        String location = 
+            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

+                                        "code token", "authorize-hybrid");
+        assertNotNull(location);
+        
+        // Check code
+        String code = OAuth2TestUtils.getSubstring(location, "code");
+        assertNotNull(code);
+        
+        // Check Access Token
+        String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+        assertNotNull(accessToken);
+    }
+    
+    @org.junit.Test
+    public void testHybridCodeIdTokenToken() throws Exception {
+        URL busFile = OIDCFlowTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), 
+                                            "alice", "security", busFile.toString());
+        // Save the Cookie for the second request...
+        WebClient.getConfig(client).getRequestContext().put(
+            org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+        
+        // Get location
+        String location = 
+            OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,

+                                        "code id_token token", "authorize-hybrid");
+        assertNotNull(location);
+        
+        // Check code
+        String code = OAuth2TestUtils.getSubstring(location, "code");
+        assertNotNull(code);
+        
+        // Check id_token
+        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
+        assertNotNull(idToken);
+        validateIdToken(idToken, "123456789");
+        
+        // Check Access Token
+        String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
+        assertNotNull(accessToken);
+    }
+    
     private void validateIdToken(String idToken, String nonce) 
         throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
{
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);

http://git-wip-us.apache.org/repos/asf/cxf/blob/608f89a7/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index ad95bec..f779096 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -66,12 +66,14 @@ under the License.
        <constructor-arg><value>${testutil.ports.jaxrs-oidc}</value></constructor-arg>
    </bean>
    
-   <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+   <bean id="authorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
       <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    
-   <bean id="implicitService" class="org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService">
+   <bean id="implicitService" class="org.apache.cxf.rs.security.oidc.idp.OidcImplicitService">
       <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
    </bean>
    
    <bean id="refreshGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler">
@@ -94,6 +96,13 @@ under the License.
       <property name="responseFilter" ref="idTokenFilter"/>
    </bean>
    
+   <bean id="hybridService" class="org.apache.cxf.rs.security.oidc.idp.OidcHybridService">
+      <property name="dataProvider" ref="oauthProvider"/>
+      <property name="responseFilter" ref="idTokenFilter"/>
+      <property name="idTokenProvider" ref="idTokenProviderImpl"/>
+      <property name="codeService" ref="authorizationService"/>
+   </bean>
+   
    <bean id="callbackHandler" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.CallbackHandlerImpl"/>
    <bean id="basicAuthFilter" class="org.apache.cxf.systest.jaxrs.security.oauth2.common.WSS4JBasicAuthFilter">
        <property name="callbackHandler" ref="callbackHandler"/>
@@ -106,6 +115,7 @@ under the License.
        address="https://localhost:${testutil.ports.jaxrs-oidc}/services">
        <jaxrs:serviceBeans>
            <ref bean="authorizationService"/>
+           <ref bean="hybridService"/>
            <ref bean="implicitService"/>
            <ref bean="tokenService"/>
            <ref bean="oidcKeysService"/>


Mime
View raw message