Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6E23A19EC2 for ; Wed, 27 Apr 2016 16:35:25 +0000 (UTC) Received: (qmail 86605 invoked by uid 500); 27 Apr 2016 16:35:25 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 86542 invoked by uid 500); 27 Apr 2016 16:35:25 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 86533 invoked by uid 99); 27 Apr 2016 16:35:25 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Apr 2016 16:35:25 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 1F516DFB90; Wed, 27 Apr 2016 16:35:25 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Adding JWTRequest tests Date: Wed, 27 Apr 2016 16:35:25 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 30ad57d55 -> 50daa4883 Adding JWTRequest tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/50daa488 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/50daa488 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/50daa488 Branch: refs/heads/3.1.x-fixes Commit: 50daa4883dc8078a018ebc985e5c7bd58c6c5ff1 Parents: 30ad57d Author: Colm O hEigeartaigh Authored: Wed Apr 27 17:33:11 2016 +0100 Committer: Colm O hEigeartaigh Committed: Wed Apr 27 17:34:21 2016 +0100 ---------------------------------------------------------------------- .../security/oauth2/common/OAuth2TestUtils.java | 91 ++++++++++++--- .../jaxrs/security/oidc/OIDCFlowTest.java | 116 +++++++++++++++++-- .../systest/jaxrs/security/oidc/oidc-server.xml | 20 ++++ 3 files changed, 203 insertions(+), 24 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/50daa488/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java index 3ab095d..073c0df 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java 
@@ -69,29 +69,37 @@ public final class OAuth2TestUtils { public static String getAuthorizationCode(WebClient client, String scope, String consumerId, String nonce, String state) { - String location = getLocation(client, scope, consumerId, nonce, state, "code", "authorize/"); + AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); + parameters.setConsumerId(consumerId); + parameters.setScope(scope); + parameters.setNonce(nonce); + parameters.setState(state); + parameters.setResponseType("code"); + parameters.setPath("authorize/"); + String location = getLocation(client, parameters); return getSubstring(location, "code"); } - public static String getLocation(WebClient client, String scope, String consumerId, - String nonce, String state, String responseType, - String path) { + public static String getLocation(WebClient client, AuthorizationCodeParameters parameters) { // Make initial authorization request client.type("application/json").accept("application/json"); - client.query("client_id", consumerId); + client.query("client_id", parameters.getConsumerId()); client.query("redirect_uri", "http://www.blah.apache.org"); - client.query("response_type", responseType); - if (scope != null) { - client.query("scope", scope); + client.query("response_type", parameters.getResponseType()); + if (parameters.getScope() != null) { + client.query("scope", parameters.getScope()); } - if (nonce != null) { - client.query("nonce", nonce); + if (parameters.getNonce() != null) { + client.query("nonce", parameters.getNonce()); } - if (state != null) { - client.query("state", state); + if (parameters.getState() != null) { + client.query("state", parameters.getState()); + } + if (parameters.getRequest() != null) { + client.query("request", parameters.getRequest()); } - client.path(path); + client.path(parameters.getPath()); Response response = client.get(); OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class); 
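Review bot: `getLocation` null-guards `scope`, `nonce`, `state` and the new `request` before adding them as query parameters, but `parameters.getResponseType()` and `parameters.getPath()` are passed straight through, so a caller that forgets one of those two setters on the new holder ends up sending a null or empty `response_type`, or failing inside `client.path(...)`, rather than getting a clear test failure. Two preconditions at the top of the method, `Assert.assertNotNull("responseType must be set", parameters.getResponseType()); Assert.assertNotNull("path must be set", parameters.getPath());`, would make the new contract explicit in the same style the file already uses for `state`. A one-line Javadoc on `getLocation` noting that `request` is sent verbatim as the `request` query parameter (a compact JWT in the callers this commit adds) would also help the next reader. `getLocation`'s body continues beyond the end of this hunk.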
@@ -118,8 +126,8 @@ public final class OAuth2TestUtils {
 response = client.post(form); String location = response.getHeaderString("Location");
- if (state != null) {
- Assert.assertTrue(location.contains("state=" + state));
+ if (parameters.getState() != null) {
+ Assert.assertTrue(location.contains("state=" + parameters.getState()));
 } return location;
@@ -243,4 +251,57 @@ public final class OAuth2TestUtils {
 }
 return foundString.substring(0, ampersandIndex);
 }
+
+ public static class AuthorizationCodeParameters {
+ private String scope;
+ private String consumerId;
+ private String nonce;
+ private String state;
+ private String responseType;
+ private String path;
+ private String request;
+
+ public String getScope() {
+ return scope;
+ }
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+ public String getConsumerId() {
+ return consumerId;
+ }
+ public void setConsumerId(String consumerId) {
+ this.consumerId = consumerId;
+ }
+ public String getNonce() {
+ return nonce;
+ }
+ public void setNonce(String nonce) {
+ this.nonce = nonce;
+ }
+ public String getState() {
+ return state;
+ }
+ public void setState(String state) {
+ this.state = state;
+ }
+ public String getResponseType() {
+ return responseType;
+ }
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
+ public String getPath() {
+ return path;
+ }
+ public void setPath(String path) {
+ this.path = path;
+ }
+ public String getRequest() {
+ return request;
+ }
+ public void setRequest(String request) {
+ this.request = request;
+ }
+ }
 }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/50daa488/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
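Review bot: `AuthorizationCodeParameters` carries no documentation, so nothing in the type tells a caller that `getLocation` always sends `consumerId`, `responseType` and `path`, while `scope`, `nonce`, `state` and `request` are optional query parameters added only when non-null. A class Javadoc along the lines of `/** Inputs to getLocation(): consumerId, responseType and path are always sent; scope, nonce, state and request only when set. request is a compact JWT sent as the "request" query parameter. */` would cover it. On style, the accessor pairs are run together with no blank line between them, and since this commit only ever fills the holder one setter at a time, fluent setters returning `this` would let each call site collapse into a single chain. The three context lines at the top of this hunk close a method whose start is outside the hunk.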
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 2195cf3..9ccd19d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -26,19 +26,25 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.Date; import javax.ws.rs.core.Form; import javax.ws.rs.core.Response; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtConstants; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData; import org.apache.cxf.rs.security.oidc.common.IdToken; import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils; +import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.testutil.common.TestUtil; import org.apache.wss4j.common.util.Loader;
@@ -375,9 +381,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); // Get location - String location = - OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null, - "code id_token", "authorize-hybrid"); + AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); + parameters.setConsumerId("consumer-id"); + parameters.setScope("openid"); + parameters.setNonce("123456789"); + parameters.setResponseType("code id_token"); + parameters.setPath("authorize-hybrid/"); + + String location = OAuth2TestUtils.getLocation(client, parameters); assertNotNull(location); // Check code @@ -419,9 +430,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); // Get location - String location = - OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null, - "code token", "authorize-hybrid"); + AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); + parameters.setConsumerId("consumer-id"); + parameters.setScope("openid"); + parameters.setNonce("123456789"); + parameters.setResponseType("code token"); + parameters.setPath("authorize-hybrid/"); + + String location = OAuth2TestUtils.getLocation(client, parameters); assertNotNull(location); // Check code 
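Review bot: The same six-statement `AuthorizationCodeParameters` block is pasted three times, in the hunks at new lines 381, 430 and 461, with only the `setResponseType` argument differing, so the three hybrid-flow tests would read better calling one helper such as the one below. The `path` also changes from `"authorize-hybrid"` to `"authorize-hybrid/"` on every call; presumably this is deliberate to match the `"authorize/"` used in `OAuth2TestUtils.getAuthorizationCode`, but the commit message does not say so and it is worth confirming the endpoint is matched with and without the trailing slash. Each enclosing test method starts before its hunk.
```java
    /** Parameters shared by the hybrid-flow tests; only response_type varies between them. */
    private static AuthorizationCodeParameters hybridFlowParameters(String responseType) {
        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
        parameters.setConsumerId("consumer-id");
        parameters.setScope("openid");
        parameters.setNonce("123456789");
        parameters.setResponseType(responseType);
        parameters.setPath("authorize-hybrid/");
        return parameters;
    }

    // … in each test, replacing the six setter lines …
    String location = OAuth2TestUtils.getLocation(client, hybridFlowParameters("code id_token"));
```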
@@ -445,9 +461,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase { org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); // Get location - String location = - OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null, - "code id_token token", "authorize-hybrid"); + AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); + parameters.setConsumerId("consumer-id"); + parameters.setScope("openid"); + parameters.setNonce("123456789"); + parameters.setResponseType("code id_token token"); + parameters.setPath("authorize-hybrid/"); + + String location = OAuth2TestUtils.getLocation(client, parameters); assertNotNull(location); // Check code 
@@ -464,6 +485,83 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
 assertNotNull(accessToken);
 }
 
+ @org.junit.Test
+ public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(new Date().getTime() / 1000L);
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
+
+ @org.junit.Test
+ public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(new Date().getTime() / 1000L);
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setState("123456789");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
+
 private void validateIdToken(String idToken, String nonce) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
 JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
http://git-wip-us.apache.org/repos/asf/cxf/blob/50daa488/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index f779096..988910e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
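Review bot: Both new tests end at `assertNotNull(code)`, and a code would presumably come back from `unsignedjwtservices` even if the service never read the `request` parameter, so nothing here demonstrates that the unsigned request object was actually parsed. If the endpoint merges request-object claims into the authorization request (the wiring in `oidc-server.xml` is not visible from here), putting `state` into the JWT claims in the `WithState` test instead of `parameters.setState("123456789")` would let `getLocation`'s existing `state=` check prove it. The two methods are otherwise identical, so the claims/headers/producer sequence belongs in a helper like the one below, with a one-line Javadoc on each test stating that `alg=none` is deliberate because this endpoint is configured to accept unsigned request objects. A companion negative test against the signed endpoint, asserting that an `alg=none` request object is rejected there, would document the boundary from the other side. The enclosing class and the body of `validateIdToken` lie outside the hunk.
```java
    /**
     * Builds an unsigned (alg=none) request object carrying only iss, iat and aud;
     * only meaningful against the unsignedjwtservices endpoint.
     */
    private String createUnsignedJwtRequest() {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("consumer-id");
        claims.setIssuedAt(new Date().getTime() / 1000L);
        claims.setAudiences(
            Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));

        JwsHeaders headers = new JwsHeaders();
        headers.setAlgorithm("none");

        return new JwsJwtCompactProducer(new JwtToken(headers, claims)).getSignedEncodedJws();
    }

    @org.junit.Test
    public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
        // … unchanged: client setup …
        String request = createUnsignedJwtRequest();
        // … unchanged: parameters, getLocation and assertion …
    }
```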
@@ -134,5 +134,25 @@ under the License. + + + + + + + + + + + + + + + + + +