added unit test for parsing signed jwt auth requests.

pull/419/head
William Kim 12 years ago
parent 34373d777c
commit 3edd6c83b3

@ -16,13 +16,18 @@
******************************************************************************/ ******************************************************************************/
package org.mitre.openid.connect.client.service.impl; package org.mitre.openid.connect.client.service.impl;
import static org.junit.Assert.*; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.text.ParseException;
import java.util.Map; import java.util.Map;
import net.minidev.json.JSONObject;
import org.apache.http.client.utils.URIBuilder; import org.apache.http.client.utils.URIBuilder;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -31,16 +36,20 @@ import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.config.ServerConfiguration; import org.mitre.openid.connect.config.ServerConfiguration;
import org.mockito.Mockito; import org.mockito.Mockito;
import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;
import com.google.common.base.Joiner; import com.google.common.base.Joiner;
import com.google.common.collect.Maps; import com.google.common.collect.Maps;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import com.nimbusds.jose.Algorithm; import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSHeader; import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.jwk.JWK; import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey; import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.Use; import com.nimbusds.jose.jwk.Use;
import com.nimbusds.jose.util.Base64URL; import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jose.util.JSONObjectUtils;
import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT; import com.nimbusds.jwt.SignedJWT;
@ -51,8 +60,13 @@ import com.nimbusds.jwt.SignedJWT;
public class TestSignedAuthRequestUrlBuilder { public class TestSignedAuthRequestUrlBuilder {
// Test fixture: // Test fixture:
ServerConfiguration serverConfig; private ServerConfiguration serverConfig;
RegisteredClient clientConfig; private RegisteredClient clientConfig;
private String redirectUri = "https://client.example.org/";
private String nonce = "34fasf3ds";
private String state = "af0ifjsldkj";
private String responseType = "code";
// RSA key properties: // RSA key properties:
// {@link package com.nimbusds.jose.jwk#RSAKey} // {@link package com.nimbusds.jose.jwk#RSAKey}
@ -98,14 +112,10 @@ public class TestSignedAuthRequestUrlBuilder {
@Test @Test
public void buildAuthRequestUrl() { public void buildAuthRequestUrl() {
String redirectUri = "https://client.example.org/";
String nonce = "34fasf3ds";
String state = "af0ifjsldkj";
JWTClaimsSet claims = new JWTClaimsSet(); JWTClaimsSet claims = new JWTClaimsSet();
//set parameters to JwtClaims //set parameters to JwtClaims
claims.setCustomClaim("response_type", "code"); claims.setCustomClaim("response_type", responseType);
claims.setCustomClaim("client_id", clientConfig.getClientId()); claims.setCustomClaim("client_id", clientConfig.getClientId());
claims.setCustomClaim("scope", Joiner.on(" ").join(clientConfig.getScope())); claims.setCustomClaim("scope", Joiner.on(" ").join(clientConfig.getScope()));
@ -148,4 +158,36 @@ public class TestSignedAuthRequestUrlBuilder {
urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "example.com", "", ""); urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "example.com", "", "");
} }
/**
* This test takes the URI from the result of building a signed request,
* and attempts to parse the JWS object to make sure that the content of the
* JWS object match up with the expected claim values.
*
* @throws URISyntaxException
* @throws ParseException
*/
@Test
public void verifyJwt() throws URISyntaxException, ParseException {
// The URI below was taken from the results of the buildAuthRequestUrl() unit test..
URI uri = new URI("https://server.example.com/authorize?request=" +
"eyJhbGciOiJSUzI1NiJ9." +
"eyJyZXNwb25zZV90eXBlIjoiY29kZSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUiLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvY2xpZW50LmV4YW1wbGUub3JnXC8iLCJub25jZSI6IjM0ZmFzZjNkcyIsInN0YXRlIjoiYWYwaWZqc2xka2oiLCJjbGllbnRfaWQiOiJzNkJoZFJrcXQzIn0." +
"m_1UVCTlr_3ksYmZzN5WUAhbr2E3x0RTWq8ZO7SZwNtIu_kGI29BeHUDaGM3A40A-IX9dMsNQlkr-88g6BdHU2Nd5LJCe4FCrvEo7xSQiGbEAKeFn_q_paVL2P_GJgVrwc7cKAECQzc8iJylXm_ZZgyMEU2YtR-CMXHM3pkY1hCYy6kkmteAMwvEYIz3JtLQ6P4QhMCRVYl_AY9LlwS1gmNpoCcwhnQRjxOk8SKIhMFgFkauyy97H9bM0bcy619awigdnP4ZFaEK1O7SQ3-3M_qDZ3BHGM3fWKy6ql5HZPKm2e8SqdShmnA0JKmEZegRBqms_Fpk9X81Tln7Bi883w");
UriComponentsBuilder builder = UriComponentsBuilder.fromUri(uri);
UriComponents components = builder.build();
String jwtString = components.getQueryParams().get("request").get(0);
JWSObject jws = JWSObject.parse(jwtString);
JSONObject json = JSONObjectUtils.parseJSONObject(jws.getPayload().toString());
assertEquals(redirectUri, json.get("redirect_uri"));
assertEquals(clientConfig.getClientId(), json.get("client_id"));
assertEquals(responseType, json.get("response_type"));
assertEquals(Joiner.on(" ").join(clientConfig.getScope()), json.get("scope"));
assertEquals(nonce, json.get("nonce"));
assertEquals(state, json.get("state"));
}
} }
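Review bot: `verifyJwt()` never checks the signature: it calls `JWSObject.parse(jwtString)` and compares payload claims only, so it would still pass if the signature segment were corrupted or produced with a different key. Despite its name, the test also does not pin the `alg` header, so a token whose header no longer says RS256 would go unnoticed. I would add `assertEquals(JWSAlgorithm.RS256, jws.getHeader().getAlgorithm());` and `assertTrue(jws.verify(new RSASSAVerifier(FIXTURE_RSA_PUBLIC_KEY)));`, where `FIXTURE_RSA_PUBLIC_KEY` is a placeholder for the public key built from the fixture's RSA key properties, which are declared outside the visible lines. The token is a hard-coded string copied from an earlier run rather than the return value of `buildAuthRequestUrl(...)`, so this test presumably would not catch a regression in the builder itself; feeding it the builder's output would close that gap.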
