Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A96C319B31 for ; Thu, 28 Apr 2016 11:32:10 +0000 (UTC) Received: (qmail 69576 invoked by uid 500); 28 Apr 2016 11:32:10 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 69517 invoked by uid 500); 28 Apr 2016 11:32:10 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 69508 invoked by uid 99); 28 Apr 2016 11:32:10 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Apr 2016 11:32:10 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 6EF1DDFCE0; Thu, 28 Apr 2016 11:32:10 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <3a3617830ca740a895853078569d825c@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Adding some OIDC Keys tests Date: Thu, 28 Apr 2016 11:32:10 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 895f9b0ff -> 2b5904f6d Adding some OIDC Keys tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2b5904f6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2b5904f6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2b5904f6 Branch: refs/heads/3.1.x-fixes Commit: 2b5904f6d8b529e7ae18719b5bfab0560abb1e95 Parents: 895f9b0 Author: Colm O hEigeartaigh Authored: Thu Apr 28 12:31:11 2016 +0100 Committer: Colm O hEigeartaigh Committed: Thu Apr 28 12:32:03 2016 +0100 ---------------------------------------------------------------------- .../security/oauth2/common/OAuth2TestUtils.java | 5 +- .../jaxrs/security/oidc/OIDCFlowTest.java | 62 ++++++++++++++++++++ .../systest/jaxrs/security/oidc/oidc-server.xml | 1 + 3 files changed, 66 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2b5904f6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 073c0df..eb325df 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.provider.json.JSONProvider;
+import org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
@@ -162,8 +163,8 @@ public final class OAuth2TestUtils {
 jsonP.setNamespaceMap(Collections.singletonMap("http://org.apache.cxf.rs.security.oauth", "ns2"));
 providers.add(jsonP);
- OAuthJSONProvider oauthProvider = new OAuthJSONProvider();
- providers.add(oauthProvider);
+ providers.add(new OAuthJSONProvider());
+ providers.add(new JsonWebKeysProvider());
 return providers;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/2b5904f6/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 9ccd19d..168a5a1 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -34,6 +35,7 @@ import javax.ws.rs.core.Response;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
@@ -562,6 +563,67 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
 assertNotNull(code);
 }
+ @org.junit.Test
+ public void testGetKeys() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ client.accept("application/json");
+
+ client.path("keys/");
+ Response response = client.get();
+ JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
+
+ assertEquals(1, jsonWebKeys.getKeys().size());
+ }
+
+ @org.junit.Test
+ public void testAuthorizationCodeFlowWithKey() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+
+ // Now get the key to validate the token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ client.accept("application/json");
+
+ client.path("keys/");
+ Response response = client.get();
+ JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
+
+ Assert.assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0),
+ SignatureAlgorithm.RS256));
+ }
+
 private void validateIdToken(String idToken, String nonce) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
 JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
http://git-wip-us.apache.org/repos/asf/cxf/blob/2b5904f6/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml ----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index 988910e..93873df 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -122,6 +122,7 @@ under the License. +
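Review bot: In the OIDCFlowTest hunk, testGetKeys asserts only that one key comes back; it checks neither the HTTP status nor the content of the key, so it would still pass if the keys service serialised private key material. After `readEntity`, I would add `assertEquals(200, response.getStatus());` and a check that the RSA private exponent is absent from the returned JWK, for example `assertNull(jsonWebKeys.getKeys().get(0).getProperty("d"));`. In testAuthorizationCodeFlowWithKey the verification key is picked with `getKeys().get(0)`, which holds only while the server publishes a single key; choosing the key by the `kid` in the token's JWS header (if the server sets one) would keep the test meaningful with a larger key set. Both tests also fetch `keys/` with alice's Basic credentials, so they do not show whether the endpoint is reachable without authentication, which relying parties usually need.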