[18/36] cxf git commit: Adding JWTRequest tests
Adding JWTRequest tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b630ca48
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b630ca48
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b630ca48
Branch: refs/heads/master-jaxrs-2.1
Commit: b630ca48a8a0c073d2f90a700b4ee1c301f8c526
Parents: ee6e9e7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Apr 27 17:33:11 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Apr 27 17:33:11 2016 +0100
----------------------------------------------------------------------
.../security/oauth2/common/OAuth2TestUtils.java | 91 ++++++++++++---
.../jaxrs/security/oidc/OIDCFlowTest.java | 116 +++++++++++++++++--
.../systest/jaxrs/security/oidc/oidc-server.xml | 20 ++++
3 files changed, 203 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 3ab095d..073c0df 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -69,29 +69,37 @@ public final class OAuth2TestUtils {
public static String getAuthorizationCode(WebClient client, String scope, String consumerId,
String nonce, String state) {
- String location = getLocation(client, scope, consumerId, nonce, state, "code", "authorize/");
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId(consumerId);
+ parameters.setScope(scope);
+ parameters.setNonce(nonce);
+ parameters.setState(state);
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ String location = getLocation(client, parameters);
return getSubstring(location, "code");
}
- public static String getLocation(WebClient client, String scope, String consumerId,
- String nonce, String state, String responseType,
- String path) {
+ public static String getLocation(WebClient client, AuthorizationCodeParameters parameters) {
// Make initial authorization request
client.type("application/json").accept("application/json");
- client.query("client_id", consumerId);
+ client.query("client_id", parameters.getConsumerId());
client.query("redirect_uri", "http://www.blah.apache.org");
- client.query("response_type", responseType);
- if (scope != null) {
- client.query("scope", scope);
+ client.query("response_type", parameters.getResponseType());
+ if (parameters.getScope() != null) {
+ client.query("scope", parameters.getScope());
}
- if (nonce != null) {
- client.query("nonce", nonce);
+ if (parameters.getNonce() != null) {
+ client.query("nonce", parameters.getNonce());
}
- if (state != null) {
- client.query("state", state);
+ if (parameters.getState() != null) {
+ client.query("state", parameters.getState());
+ }
+ if (parameters.getRequest() != null) {
+ client.query("request", parameters.getRequest());
}
- client.path(path);
+ client.path(parameters.getPath());
Response response = client.get();
OAuthAuthorizationData authzData = response.readEntity(OAuthAuthorizationData.class);
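Review bot: The new getLocation(client, parameters) guards scope, nonce, state and request against null but treats consumerId, responseType and path as always set, so a caller that forgets one of them reaches `client.query("client_id", null)` / `client.path(null)` with whatever failure WebClient produces for a null argument, which is less obvious than the old positional signature made it. Since the parameter object makes every field optional-looking, state the contract on the method, e.g. `@param parameters consumerId, responseType and path must be set; scope, nonce, state and request are added to the query only when non-null`. A `Objects.requireNonNull(parameters, "parameters")` as the first statement would also turn a null object into a clear failure (needs `java.util.Objects` in the import block, which is outside this hunk). getLocation's body continues past the end of the hunk.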
@@ -118,8 +126,8 @@ public final class OAuth2TestUtils {
response = client.post(form);
String location = response.getHeaderString("Location");
- if (state != null) {
- Assert.assertTrue(location.contains("state=" + state));
+ if (parameters.getState() != null) {
+ Assert.assertTrue(location.contains("state=" + parameters.getState()));
}
return location;
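Review bot: `Assert.assertTrue(location.contains("state=" + parameters.getState()))` is only a substring match, so it still passes when the redirect carries `state=123456789` followed by extra characters or a differently named parameter whose name ends in `state=`; it proves the state is present, not that it round-trips unchanged. A stricter check is to compare the extracted value, `Assert.assertEquals(parameters.getState(), getSubstring(location, "state"));`, assuming getSubstring (visible in the next hunk) returns the value up to the following `&`, which I cannot fully confirm from here. getLocation's signature and closing brace lie outside this hunk.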
@@ -243,4 +251,57 @@ public final class OAuth2TestUtils {
}
return foundString.substring(0, ampersandIndex);
}
+
+ public static class AuthorizationCodeParameters {
+ private String scope;
+ private String consumerId;
+ private String nonce;
+ private String state;
+ private String responseType;
+ private String path;
+ private String request;
+
+ public String getScope() {
+ return scope;
+ }
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+ public String getConsumerId() {
+ return consumerId;
+ }
+ public void setConsumerId(String consumerId) {
+ this.consumerId = consumerId;
+ }
+ public String getNonce() {
+ return nonce;
+ }
+ public void setNonce(String nonce) {
+ this.nonce = nonce;
+ }
+ public String getState() {
+ return state;
+ }
+ public void setState(String state) {
+ this.state = state;
+ }
+ public String getResponseType() {
+ return responseType;
+ }
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
+ public String getPath() {
+ return path;
+ }
+ public void setPath(String path) {
+ this.path = path;
+ }
+ public String getRequest() {
+ return request;
+ }
+ public void setRequest(String request) {
+ this.request = request;
+ }
+ }
}
\ No newline at end of file
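Review bot: AuthorizationCodeParameters has no Javadoc saying how its fields map to the authorization request or which ones getLocation requires, and that is the information a test author needs when filling it in. A class comment along the lines of `/** Query parameters for the initial authorization request sent by getLocation: consumerId (client_id), responseType and path are required; scope, nonce, state and request (a compact JWS, see OIDCFlowTest) are added only when set. */` would cover it. The file is also written without a trailing newline (the `\ No newline at end of file` marker), which checkstyle-style tooling usually flags.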
http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 2195cf3..9ccd19d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -26,19 +26,25 @@ import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
+import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.wss4j.common.util.Loader;
@@ -375,9 +381,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get location
- String location =
- OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
- "code id_token", "authorize-hybrid");
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code id_token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
assertNotNull(location);
// Check code
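Review bot: The parameter block built here is repeated verbatim in the two following hunks (ending at the `// Check code` lines after `"code token"` and `"code id_token token"`), differing only in responseType; a small factory keeps the three hybrid-flow tests in sync, `String location = OAuth2TestUtils.getLocation(client, hybridParameters("code id_token"));`. The path also changes from `"authorize-hybrid"` in the removed lines to `"authorize-hybrid/"` in the new ones, which the commit message does not mention; if the trailing slash is deliberate it is worth a word in the description. The enclosing test methods start before each hunk.
```java
    private static AuthorizationCodeParameters hybridParameters(String responseType) {
        AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
        parameters.setConsumerId("consumer-id");
        parameters.setScope("openid");
        parameters.setNonce("123456789");
        parameters.setResponseType(responseType);
        parameters.setPath("authorize-hybrid/");
        return parameters;
    }
```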
@@ -419,9 +430,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get location
- String location =
- OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
- "code token", "authorize-hybrid");
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
assertNotNull(location);
// Check code
@@ -445,9 +461,14 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get location
- String location =
- OAuth2TestUtils.getLocation(client, "openid", "consumer-id", "123456789", null,
- "code id_token token", "authorize-hybrid");
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setNonce("123456789");
+ parameters.setResponseType("code id_token token");
+ parameters.setPath("authorize-hybrid/");
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
assertNotNull(location);
// Check code
@@ -464,6 +485,83 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
assertNotNull(accessToken);
}
+ @org.junit.Test
+ public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(new Date().getTime() / 1000L);
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
+
+ @org.junit.Test
+ public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("consumer-id");
+ claims.setIssuedAt(new Date().getTime() / 1000L);
+ claims.setAudiences(
+ Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
+
+ JwsHeaders headers = new JwsHeaders();
+ headers.setAlgorithm("none");
+
+ JwtToken token = new JwtToken(headers, claims);
+
+ JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+ String request = jws.getSignedEncodedJws();
+
+ // Get Authorization Code
+ AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
+ parameters.setConsumerId("consumer-id");
+ parameters.setScope("openid");
+ parameters.setResponseType("code");
+ parameters.setPath("authorize/");
+ parameters.setState("123456789");
+ parameters.setRequest(request);
+
+ String location = OAuth2TestUtils.getLocation(client, parameters);
+ String code = OAuth2TestUtils.getSubstring(location, "code");
+ assertNotNull(code);
+ }
+
private void validateIdToken(String idToken, String nonce)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
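Review bot: testAuthorizationCodeFlowUnsignedJWT and testAuthorizationCodeFlowUnsignedJWTWithState build the identical unsigned request JWT (issuer, iat, audience, `alg=none` header, JwsJwtCompactProducer) in two copies; a helper keeps the two tests to their actual difference, the state parameter, `String request = createUnsignedRequestJwt();`. Both tests only exercise the accept path of JwtRequestCodeFilter and stop at `assertNotNull(code)`; a companion test sending a request object with a mismatched issuer or audience and asserting that no code is returned would show that the filter actually validates the claims, if that is what it does (its implementation is not part of this commit). `new Date().getTime() / 1000L` can be `System.currentTimeMillis() / 1000L`, which also drops the `java.util.Date` import added in the first hunk of this file.
```java
    private String createUnsignedRequestJwt() {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer("consumer-id");
        claims.setIssuedAt(System.currentTimeMillis() / 1000L);
        claims.setAudiences(
            Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));

        JwsHeaders headers = new JwsHeaders();
        headers.setAlgorithm("none");

        return new JwsJwtCompactProducer(new JwtToken(headers, claims)).getSignedEncodedJws();
    }
```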
http://git-wip-us.apache.org/repos/asf/cxf/blob/b630ca48/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index f779096..988910e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -134,5 +134,25 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
+ <bean id="jwtRequestFilter" class="org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeFilter"/>
+
+ <bean id="jwtAuthorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="authorizationFilter" ref="jwtRequestFilter"/>
+ </bean>
+
+ <jaxrs:server
+ depends-on="tls-config"
+ address="https://localhost:${testutil.ports.jaxrs-oidc}/unsignedjwtservices">
+ <jaxrs:serviceBeans>
+ <ref bean="jwtAuthorizationService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="basicAuthFilter"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.algorithm" value="none" />
+ </jaxrs:properties>
+ </jaxrs:server>
</beans>
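Review bot: The new jaxrs:server sets `rs.security.signature.algorithm` to `none` for every service bean under the endpoint, and nothing in the file records that this is a deliberate test fixture for unsigned request objects rather than a setting to copy into another server definition. A comment on the server element makes the intent explicit, e.g. `<!-- Test-only endpoint: JwtRequestCodeFilter accepts unsigned (alg=none) request JWTs here; do not reuse this property elsewhere -->`. Naming the address `/unsignedjwtservices` helps, but the property is the part a reader is likely to copy.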