diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
index 915195cad..e1caa7838 100644
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
@@ -18,52 +18,127 @@ package org.mitre.openid.connect.client.service.impl; import static org.junit.Assert.*; +import java.net.URISyntaxException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.util.Map; + +import org.apache.http.client.utils.URIBuilder; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.mitre.jwt.signer.service.JwtSigningAndValidationService; +import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.mitre.oauth2.model.RegisteredClient; import org.mitre.openid.connect.config.ServerConfiguration; -import org.mockito.InjectMocks; -import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import com.google.common.base.Joiner; +import com.google.common.collect.Maps; import com.google.common.collect.Sets; +import com.nimbusds.jose.Algorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.jwk.JWK; +import com.nimbusds.jose.jwk.RSAKey; +import com.nimbusds.jose.jwk.Use; +import com.nimbusds.jose.util.Base64URL; +import com.nimbusds.jwt.JWTClaimsSet; +import com.nimbusds.jwt.SignedJWT; /** * @author wkim - * + * */ -@RunWith(MockitoJUnitRunner.class) public class TestSignedAuthRequestUrlBuilder { - + // Test fixture: ServerConfiguration serverConfig; RegisteredClient clientConfig; - - @Mock - private JwtSigningAndValidationService signingAndValidationService; - - @InjectMocks + + // RSA key properties: + // {@link package com.nimbusds.jose.jwk#RSAKey} + private String n = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zw" + + "u1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc" + + "5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8K" + + "JZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh" + + "6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"; + private String e = 
"AQAB"; + private String d = "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo7GURknc" + + "hnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqijwp3RTzlBaCxWp4doFk5" + + "N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d_cPVY3i07a3t8MN6TNwm0dSa" + + "wm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk1" + + "9Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q"; + private String alg = "RS256"; + private String kid = "2011-04-29"; + + private DefaultJwtSigningAndValidationService signingAndValidationService; + private SignedAuthRequestUrlBuilder urlBuilder = new SignedAuthRequestUrlBuilder(); @Before - public void prepare() { - - Mockito.reset(signingAndValidationService); - + public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException { + + RSAKey key = new RSAKey(new Base64URL(n), new Base64URL(e), new Base64URL(d), Use.SIGNATURE, new Algorithm(alg), kid); + Map keys = Maps.newHashMap(); + keys.put("client", key); + + signingAndValidationService = new DefaultJwtSigningAndValidationService(keys); + signingAndValidationService.setDefaultSignerKeyId("client"); + signingAndValidationService.setDefaultSigningAlgorithmName(alg); + + urlBuilder.setSigningAndValidationService(signingAndValidationService); + serverConfig = Mockito.mock(ServerConfiguration.class); Mockito.when(serverConfig.getAuthorizationEndpointUri()).thenReturn("https://server.example.com/authorize"); - + clientConfig = Mockito.mock(RegisteredClient.class); Mockito.when(clientConfig.getClientId()).thenReturn("s6BhdRkqt3"); Mockito.when(clientConfig.getScope()).thenReturn(Sets.newHashSet("openid", "profile")); } - - @Test //TODO - public void test() { - assertTrue("Not yet implemented", true); + + @Test + public void buildAuthRequestUrl() { + + String redirectUri = "https://client.example.org/"; + String nonce = "34fasf3ds"; + String state = "af0ifjsldkj"; + + JWTClaimsSet claims = new JWTClaimsSet(); + + //set parameters to JwtClaims + 
claims.setCustomClaim("response_type", "code"); + claims.setCustomClaim("client_id", clientConfig.getClientId()); + claims.setCustomClaim("scope", Joiner.on(" ").join(clientConfig.getScope())); + + // build our redirect URI + claims.setCustomClaim("redirect_uri", redirectUri); + + // this comes back in the id token + claims.setCustomClaim("nonce", nonce); + + // this comes back in the auth request return + claims.setCustomClaim("state", state); + + SignedJWT jwt = new SignedJWT(new JWSHeader(signingAndValidationService.getDefaultSigningAlgorithm()), claims); + + signingAndValidationService.signJwt(jwt); + + String expected = null; + + try { + + URIBuilder uriBuilder = new URIBuilder(serverConfig.getAuthorizationEndpointUri()); + uriBuilder.addParameter("request", jwt.serialize()); + + expected = uriBuilder.build().toString(); + + } catch (URISyntaxException e) { + fail("URISyntaxException occurred."); + } + + String actual = urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, redirectUri, nonce, state); + + assertEquals(expected, actual); } }
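Review bot: The assertion in `buildAuthRequestUrl()` only compares the builder's output with a URL the test signs itself using the same service and key, so it never checks that the `request` object carries a signature that validates, and it depends on both sides serializing the claims in the same order. Parsing the `request` parameter back out of `actual` and checking it directly would be stronger, e.g. `SignedJWT parsed = SignedJWT.parse(requestParam);` followed by `assertTrue(signingAndValidationService.validateSignature(parsed));` and per-claim comparisons against `redirectUri`, `nonce` and `state`. Separately, the `n`/`e`/`d` fields embed an RSA private exponent; the values appear to match the sample key published in the JWK specification examples, so the comment above them should say so, for instance `// Published sample RSA key from the JWK spec examples; test-only, never use for real signing`, and the `{@link ...}` inside that `//` comment is not valid Javadoc. The `RunWith` and `MockitoJUnitRunner` imports also look unused now that the `@RunWith` annotation is removed.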