Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/28 13:31:33 UTC
cxf git commit: Adding some OIDC Keys tests
Repository: cxf
Updated Branches:
refs/heads/master c65c7b5fe -> 210f068d5
Adding some OIDC Keys tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/210f068d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/210f068d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/210f068d
Branch: refs/heads/master
Commit: 210f068d5331c3eb7ec83022088b54a5ac53ec55
Parents: c65c7b5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 28 12:31:11 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 28 12:31:11 2016 +0100
----------------------------------------------------------------------
.../security/oauth2/common/OAuth2TestUtils.java | 5 +-
.../jaxrs/security/oidc/OIDCFlowTest.java | 62 ++++++++++++++++++++
.../systest/jaxrs/security/oidc/oidc-server.xml | 1 +
3 files changed, 66 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/210f068d/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 073c0df..eb325df 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JSONProvider;
+import org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
@@ -162,8 +163,8 @@ public final class OAuth2TestUtils {
jsonP.setNamespaceMap(Collections.singletonMap("http://org.apache.cxf.rs.security.oauth",
"ns2"));
providers.add(jsonP);
- OAuthJSONProvider oauthProvider = new OAuthJSONProvider();
- providers.add(oauthProvider);
+ providers.add(new OAuthJSONProvider());
+ providers.add(new JsonWebKeysProvider());
return providers;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/210f068d/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index 9ccd19d..168a5a1 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -34,6 +34,7 @@ import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
@@ -562,6 +563,67 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
assertNotNull(code);
}
+ @org.junit.Test
+ public void testGetKeys() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ client.accept("application/json");
+
+ client.path("keys/");
+ Response response = client.get();
+ JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
+
+ assertEquals(1, jsonWebKeys.getKeys().size());
+ }
+
+ @org.junit.Test
+ public void testAuthorizationCodeFlowWithKey() throws Exception {
+ URL busFile = OIDCFlowTest.class.getResource("client.xml");
+
+ String address = "https://localhost:" + PORT + "/services/";
+ WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ // Get Authorization Code
+ String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
+ assertNotNull(code);
+
+ // Now get the access token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "consumer-id", "this-is-a-secret", busFile.toString());
+ // Save the Cookie for the second request...
+ WebClient.getConfig(client).getRequestContext().put(
+ org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+ ClientAccessToken accessToken =
+ OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
+ assertNotNull(accessToken.getTokenKey());
+ assertTrue(accessToken.getApprovedScope().contains("openid"));
+
+ String idToken = accessToken.getParameters().get("id_token");
+ assertNotNull(idToken);
+
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+
+ // Now get the key to validate the token
+ client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
+ "alice", "security", busFile.toString());
+ client.accept("application/json");
+
+ client.path("keys/");
+ Response response = client.get();
+ JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
+
+ Assert.assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0),
+ SignatureAlgorithm.RS256));
+ }
+
private void validateIdToken(String idToken, String nonce)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
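Review bot: In testAuthorizationCodeFlowWithKey the ID token is verified against `jsonWebKeys.getKeys().get(0)`, so the test relies on the signing key being first in the published set and never checks that the token identifies the key it was signed with; if the token header carries a `kid` (not visible in this hunk), look the key up by that id and assert it was found before verifying. Both new tests call `response.readEntity(JsonWebKeys.class)` without checking the status, so an authentication or server error would surface as an unmarshalling failure or an IndexOutOfBoundsException rather than a clear assertion; add `assertEquals(200, response.getStatus());` after each `client.get()`. Since this endpoint publishes the key set, testGetKeys could also assert that the returned key exposes only public parameters (for RSA, no `d`, `p` or `q`), which is the property a keys endpoint most needs to hold. validateIdToken, which follows the new tests, continues outside the hunk.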
http://git-wip-us.apache.org/repos/asf/cxf/blob/210f068d/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
index 988910e..93873df 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-server.xml
@@ -122,6 +122,7 @@ under the License.
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="basicAuthFilter"/>
+ <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
</jaxrs:providers>
<jaxrs:properties>
<entry key="rs.security.keystore.type" value="jks" />