Sync with SVN

GluuFederation · Aug 29, 2014 · f3af255 · f3af255
1 parent 0594333
commit f3af255
Show file tree

Hide file tree

Showing 61 changed files with 1,245 additions and 205 deletions.
diff --git a/Client/pom.xml b/Client/pom.xml
@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.xdi</groupId>
         <artifactId>oxauth</artifactId>
-        <version>1.3.2.Final</version>
+        <version>1.4.1.Final</version>
     </parent>
 
     <prerequisites>

diff --git a/Client/src/test/java/org/xdi/oxauth/BaseTest.java b/Client/src/test/java/org/xdi/oxauth/BaseTest.java
@@ -13,12 +13,8 @@
 import org.openqa.selenium.WebDriver;
 import org.openqa.selenium.WebElement;
 import org.openqa.selenium.chrome.ChromeDriver;
-import org.openqa.selenium.firefox.FirefoxDriver;
 import org.openqa.selenium.htmlunit.HtmlUnitDriver;
-import org.openqa.selenium.remote.DesiredCapabilities;
-import org.openqa.selenium.remote.RemoteWebDriver;
 import org.openqa.selenium.support.ui.ExpectedCondition;
-import org.openqa.selenium.support.ui.ExpectedConditions;
 import org.openqa.selenium.support.ui.WebDriverWait;
 import org.testng.ITestContext;
 import org.testng.annotations.BeforeTest;
@@ -28,12 +24,9 @@
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.concurrent.TimeUnit;
 
 import static org.testng.Assert.*;
 
@@ -317,7 +310,7 @@ public void discovery(ITestContext context) throws Exception {
             assertTrue(response.getScopeToClaimsMapping().size() > 0, "The scope to claims mapping is empty");
             assertTrue(response.getResponseTypesSupported().size() > 0, "The responseTypesSupported is empty");
             assertTrue(response.getGrantTypesSupported().size() > 0, "The grantTypesSupported is empty");
-            assertTrue(response.getAcrValuesSupported().size() > 0, "The acrValuesSupported is empty");
+            assertTrue(response.getAcrValuesSupported().size() == 0, "The acrValuesSupported is not empty");
             assertTrue(response.getAmrValuesSupported().size() > 0, "The amrValuesSupported is empty");
             assertTrue(response.getSubjectTypesSupported().size() > 0, "The subjectTypesSupported is empty");
             assertTrue(response.getIdTokenSigningAlgValuesSupported().size() > 0, "The idTokenSigningAlgValuesSupported is empty");

diff --git a/Client/src/test/java/org/xdi/oxauth/interop/SupportClaimsRequestSpecifyingSubValue.java b/Client/src/test/java/org/xdi/oxauth/interop/SupportClaimsRequestSpecifyingSubValue.java
@@ -0,0 +1,227 @@
+package org.xdi.oxauth.interop;
+
+import org.apache.http.client.CookieStore;
+import org.apache.http.impl.client.BasicCookieStore;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+import org.xdi.oxauth.BaseTest;
+import org.xdi.oxauth.client.*;
+import org.xdi.oxauth.client.model.authorize.Claim;
+import org.xdi.oxauth.client.model.authorize.ClaimValue;
+import org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest;
+import org.xdi.oxauth.dev.HostnameVerifierType;
+import org.xdi.oxauth.model.authorize.AuthorizeErrorResponseType;
+import org.xdi.oxauth.model.common.Prompt;
+import org.xdi.oxauth.model.common.ResponseType;
+import org.xdi.oxauth.model.crypto.signature.RSAPublicKey;
+import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.xdi.oxauth.model.jws.RSASigner;
+import org.xdi.oxauth.model.jwt.Jwt;
+import org.xdi.oxauth.model.jwt.JwtClaimName;
+import org.xdi.oxauth.model.jwt.JwtHeaderName;
+import org.xdi.oxauth.model.register.ApplicationType;
+import org.xdi.oxauth.model.util.StringUtils;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertTrue;
+
+/**
+ * OC5:FeatureTest-Support claims Request Specifying sub Value
+ * If that user is logged in, the request succeeds, otherwise it fails.
+ *
+ * @author Javier Rojas Blum
+ * @version 1.0, 07/21/2014
+ */
+public class SupportClaimsRequestSpecifyingSubValue extends BaseTest {
+
+    @Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "hostnameVerifier"})
+    @Test
+    public void supportClaimsRequestSpecifyingSubValueSucceed(
+            final String userId, final String userSecret, final String redirectUri, final String redirectUris,
+            String hostnameVerifier) throws Exception {
+        showTitle("OC5:FeatureTest-Support claims Request Specifying sub Value (succeed)");
+
+        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
+
+        // 1. Register client
+        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
+                StringUtils.spaceSeparatedToList(redirectUris));
+        registerRequest.setResponseTypes(responseTypes);
+
+        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
+        registerClient.setRequest(registerRequest);
+        RegisterResponse registerResponse = registerClient.exec();
+
+        showClient(registerClient);
+        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
+        assertNotNull(registerResponse.getClientId());
+        assertNotNull(registerResponse.getClientSecret());
+        assertNotNull(registerResponse.getRegistrationAccessToken());
+        assertNotNull(registerResponse.getClientIdIssuedAt());
+        assertNotNull(registerResponse.getClientSecretExpiresAt());
+
+        String clientId = registerResponse.getClientId();
+        String clientSecret = registerResponse.getClientSecret();
+
+        DefaultHttpClient httpClient = createHttpClient(HostnameVerifierType.fromString(hostnameVerifier));
+        CookieStore cookieStore = new BasicCookieStore();
+        httpClient.setCookieStore(cookieStore);
+        ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient);
+
+        List<String> scopes = Arrays.asList("openid", "email");
+        String nonce = UUID.randomUUID().toString();
+        String state = "STATE_XYZ";
+
+        // 2. Request authorization (first time)
+        AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+        authorizationRequest1.setAuthUsername(userId);
+        authorizationRequest1.setAuthPassword(userSecret);
+        authorizationRequest1.getPrompts().add(Prompt.NONE);
+        authorizationRequest1.setState(state);
+
+        AuthorizeClient authorizeClient1 = new AuthorizeClient(authorizationEndpoint);
+        authorizeClient1.setRequest(authorizationRequest1);
+        AuthorizationResponse authorizationResponse1 = authorizeClient1.exec(clientExecutor);
+
+        assertNotNull(authorizationResponse1.getLocation(), "The location is null");
+        assertNotNull(authorizationResponse1.getIdToken(), "The ID Token is null");
+        assertNotNull(authorizationResponse1.getAccessToken(), "The Access Token is null");
+        assertNotNull(authorizationResponse1.getState(), "The state is null");
+        assertNotNull(authorizationResponse1.getScope(), "The scope is null");
+
+        String sessionId = authorizationResponse1.getSessionId();
+
+        // 3. Request authorization
+        AuthorizationRequest authorizationRequest2 = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+        //authorizationRequest2.setAuthUsername(userId);
+        //authorizationRequest2.setAuthPassword(userSecret);
+        authorizationRequest2.getPrompts().add(Prompt.NONE);
+        authorizationRequest2.setState(state);
+        authorizationRequest2.setSessionId(sessionId);
+
+        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest2, SignatureAlgorithm.HS256, clientSecret);
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId)));
+
+        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
+        authorizationRequest2.setRequest(authJwt);
+
+        AuthorizeClient authorizeClient2 = new AuthorizeClient(authorizationEndpoint);
+        authorizeClient2.setRequest(authorizationRequest2);
+        AuthorizationResponse authorizationResponse2 = authorizeClient2.exec(clientExecutor);
+
+        assertNotNull(authorizationResponse2.getLocation(), "The location is null");
+        assertNotNull(authorizationResponse2.getAccessToken(), "The accessToken is null");
+        assertNotNull(authorizationResponse2.getTokenType(), "The tokenType is null");
+        assertNotNull(authorizationResponse2.getIdToken(), "The idToken is null");
+        assertNotNull(authorizationResponse2.getState(), "The state is null");
+
+        String idToken = authorizationResponse2.getIdToken();
+        String accessToken = authorizationResponse2.getAccessToken();
+
+        // 4. Validate id_token
+        Jwt jwt = Jwt.parse(idToken);
+        assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
+        assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
+
+        RSAPublicKey publicKey = JwkClient.getRSAPublicKey(
+                jwksUri,
+                jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
+        RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
+
+        assertTrue(rsaSigner.validate(jwt));
+
+        // 5. Request user info
+        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
+        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
+
+        showClient(userInfoClient);
+        assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
+    }
+
+    @Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "hostnameVerifier"})
+    @Test
+    public void supportClaimsRequestSpecifyingSubValueFail(
+            final String userId, final String userSecret, final String redirectUri, final String redirectUris,
+            String hostnameVerifier) throws Exception {
+        showTitle("OC5:FeatureTest-Support claims Request Specifying sub Value (fail)");
+
+        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
+
+        // 1. Register client
+        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
+                StringUtils.spaceSeparatedToList(redirectUris));
+        registerRequest.setResponseTypes(responseTypes);
+
+        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
+        registerClient.setRequest(registerRequest);
+        RegisterResponse registerResponse = registerClient.exec();
+
+        showClient(registerClient);
+        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
+        assertNotNull(registerResponse.getClientId());
+        assertNotNull(registerResponse.getClientSecret());
+        assertNotNull(registerResponse.getRegistrationAccessToken());
+        assertNotNull(registerResponse.getClientIdIssuedAt());
+        assertNotNull(registerResponse.getClientSecretExpiresAt());
+
+        String clientId = registerResponse.getClientId();
+        String clientSecret = registerResponse.getClientSecret();
+
+        DefaultHttpClient httpClient = createHttpClient(HostnameVerifierType.fromString(hostnameVerifier));
+        CookieStore cookieStore = new BasicCookieStore();
+        httpClient.setCookieStore(cookieStore);
+        ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient);
+
+        // 2. Request authorization
+        List<String> scopes = Arrays.asList("openid", "email");
+        String nonce = UUID.randomUUID().toString();
+        String state = "af0ifjsldkj";
+
+        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+        authorizationRequest.setAuthUsername(userId);
+        authorizationRequest.setAuthPassword(userSecret);
+        authorizationRequest.getPrompts().add(Prompt.NONE);
+        authorizationRequest.setState(state);
+
+        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret);
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId)));
+
+        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
+        authorizationRequest.setRequest(authJwt);
+
+        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
+        authorizeClient.setRequest(authorizationRequest);
+
+        AuthorizationResponse authorizationResponse = authorizeClient.exec();
+
+        showClient(authorizeClient);
+        assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
+        assertNotNull(authorizationResponse.getErrorType(), "The error type is null");
+        assertEquals(authorizationResponse.getErrorType(), AuthorizeErrorResponseType.USER_MISMATCHED);
+        assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null");
+    }
+}
diff --git a/Client/src/test/java/org/xdi/oxauth/interop/SupportRegistrationRead.java b/Client/src/test/java/org/xdi/oxauth/interop/SupportRegistrationRead.java
@@ -0,0 +1,96 @@
+package org.xdi.oxauth.interop;
+
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+import org.xdi.oxauth.BaseTest;
+import org.xdi.oxauth.client.RegisterClient;
+import org.xdi.oxauth.client.RegisterRequest;
+import org.xdi.oxauth.client.RegisterResponse;
+import org.xdi.oxauth.model.common.AuthenticationMethod;
+import org.xdi.oxauth.model.common.ResponseType;
+import org.xdi.oxauth.model.common.SubjectType;
+import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.xdi.oxauth.model.register.ApplicationType;
+import org.xdi.oxauth.model.util.StringUtils;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+import static org.xdi.oxauth.model.register.RegisterRequestParam.*;
+
+/**
+ * OC5:FeatureTest-Support Registration Read
+ *
+ * @author Javier Rojas Blum
+ * @version 1.0, 07/21/2014
+ */
+public class SupportRegistrationRead extends BaseTest {
+
+    @Parameters({"redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri"})
+    @Test
+    public void supportRegistrationRead(
+            final String redirectUris, final String redirectUri, final String userId, final String userSecret,
+            final String sectorIdentifierUri) throws Exception {
+        showTitle("OC5:FeatureTest-Support Registration Read");
+
+        List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
+
+        // 1. Register client
+        RegisterRequest registerRequest1 = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
+                StringUtils.spaceSeparatedToList(redirectUris));
+        registerRequest1.setContacts(Arrays.asList("[email protected]", "[email protected]"));
+        registerRequest1.setLogoUri("http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
+        registerRequest1.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
+        registerRequest1.setPolicyUri("http://www.gluu.org/policy");
+        registerRequest1.setJwksUri("http://www.gluu.org/jwks");
+        registerRequest1.setSectorIdentifierUri(sectorIdentifierUri);
+        registerRequest1.setSubjectType(SubjectType.PUBLIC);
+        registerRequest1.setRequestObjectSigningAlg(SignatureAlgorithm.RS256);
+        registerRequest1.setRequestUris(Arrays.asList("http://www.gluu.org/request"));
+
+        RegisterClient registerClient1 = new RegisterClient(registrationEndpoint);
+        registerClient1.setRequest(registerRequest1);
+        RegisterResponse registerResponse1 = registerClient1.exec();
+
+        showClient(registerClient1);
+        assertEquals(registerResponse1.getStatus(), 200, "Unexpected response code: " + registerResponse1.getEntity());
+        assertNotNull(registerResponse1.getClientId());
+        assertNotNull(registerResponse1.getClientSecret());
+        assertNotNull(registerResponse1.getRegistrationAccessToken());
+        assertNotNull(registerResponse1.getClientSecretExpiresAt());
+        assertNotNull(registerResponse1.getClaims().get(SCOPES.toString()));
+
+        String clientId = registerResponse1.getClientId();
+        String registrationAccessToken = registerResponse1.getRegistrationAccessToken();
+        String registrationClientUri = registerResponse1.getRegistrationClientUri();
+
+        // 2. Client Read
+        RegisterRequest registerRequest2 = new RegisterRequest(registrationAccessToken);
+
+        RegisterClient registerClient2 = new RegisterClient(registrationClientUri);
+        registerClient2.setRequest(registerRequest2);
+        RegisterResponse registerResponse2 = registerClient2.exec();
+
+        showClient(registerClient2);
+        assertEquals(registerResponse2.getStatus(), 200, "Unexpected response code: " + registerResponse2.getEntity());
+        assertNotNull(registerResponse2.getClientId());
+        assertNotNull(registerResponse2.getClientSecret());
+        assertNotNull(registerResponse2.getRegistrationAccessToken());
+        assertNotNull(registerResponse2.getRegistrationClientUri());
+        assertNotNull(registerResponse2.getClientSecretExpiresAt());
+        assertNotNull(registerResponse2.getClaims().get(APPLICATION_TYPE.toString()));
+        assertNotNull(registerResponse2.getClaims().get(POLICY_URI.toString()));
+        assertNotNull(registerResponse2.getClaims().get(REQUEST_OBJECT_SIGNING_ALG.toString()));
+        assertNotNull(registerResponse2.getClaims().get(CONTACTS.toString()));
+        assertNotNull(registerResponse2.getClaims().get(SECTOR_IDENTIFIER_URI.toString()));
+        assertNotNull(registerResponse2.getClaims().get(SUBJECT_TYPE.toString()));
+        assertNotNull(registerResponse2.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
+        assertNotNull(registerResponse2.getClaims().get(JWKS_URI.toString()));
+        assertNotNull(registerResponse2.getClaims().get(CLIENT_NAME.toString()));
+        assertNotNull(registerResponse2.getClaims().get(LOGO_URI.toString()));
+        assertNotNull(registerResponse2.getClaims().get(REQUEST_URIS.toString()));
+        assertNotNull(registerResponse2.getClaims().get("scopes"));
+    }
+}