From ada1b0d24ea374cef77e19176282746a2d1451a1 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Fri, 19 Dec 2014 20:55:40 -0500
Subject: [PATCH] added unit tests for nonce-less url builders (exception cases)
---
 .../impl/TestPlainAuthRequestUrlBuilder.java | 20 +++++++++
 .../impl/TestSignedAuthRequestUrlBuilder.java | 42 +++++++++++++++++++
 2 files changed, 62 insertions(+)
diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java
index 6f7a73508..1c45ccffe 100644
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java
@@ -82,5 +82,25 @@ public class TestPlainAuthRequestUrlBuilder {
 urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "example.com", "", "", options);
 }
+
+ @Test
+ public void buildAuthRequestUrl_withNoNonce() {
+ Mockito.when(serverConfig.isNonceEnabled()).thenReturn(false);
+
+ String expectedUrl = "https://server.example.com/authorize?" +
+ "response_type=code" +
+ "&client_id=s6BhdRkqt3" +
+ "&scope=openid+profile" + // plus sign used for space per application/x-www-form-encoded standard
+ "&redirect_uri=https%3A%2F%2Fclient.example.org%2F" +
+ "&state=af0ifjsldkj" +
+ "&foo=bar";
+
+ Map options = ImmutableMap.of("foo", "bar");
+
+ String actualUrl = urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "https://client.example.org/", null, "af0ifjsldkj", options);
+
+ assertThat(actualUrl, equalTo(expectedUrl));
+
+ }
 }
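Review bot: `buildAuthRequestUrl_withNoNonce` only exercises `isNonceEnabled()` returning false together with a `null` nonce argument, so it cannot tell whether the builder honours the server flag or simply skips null values. A second case that passes a non-null nonce with the flag off would pin whichever behaviour is intended. The exact-match `equalTo(expectedUrl)` is what proves no `nonce` parameter is emitted, and a comment above `expectedUrl` such as `// nonce disabled on the server config: the request must carry no nonce parameter` would make that intent explicit. The same pairing is used in the test added to TestSignedAuthRequestUrlBuilder.java.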
diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
index e3d677224..e0b760fca 100644
--- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java
@@ -159,4 +159,46 @@ public class TestSignedAuthRequestUrlBuilder {
 urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, "example.com", "", "", options);
 }
+
+ @Test
+ public void buildAuthRequestUrl_withNoNonce() {
+
+ Mockito.when(serverConfig.isNonceEnabled()).thenReturn(false);
+
+ String requestUri = urlBuilder.buildAuthRequestUrl(serverConfig, clientConfig, redirectUri, null, state, options);
+
+ // parsing the result
+ UriComponentsBuilder builder = null;
+
+ try {
+ builder = UriComponentsBuilder.fromUri(new URI(requestUri));
+ } catch (URISyntaxException e1) {
+ fail("URISyntaxException was thrown.");
+ }
+
+ UriComponents components = builder.build();
+ String jwtString = components.getQueryParams().get("request").get(0);
+ ReadOnlyJWTClaimsSet claims = null;
+
+ try {
+ SignedJWT jwt = SignedJWT.parse(jwtString);
+ claims = jwt.getJWTClaimsSet();
+ } catch (ParseException e) {
+ fail("ParseException was thrown.");
+ }
+
+ assertEquals(responseType, claims.getClaim("response_type"));
+ assertEquals(clientConfig.getClientId(), claims.getClaim("client_id"));
+
+ List scopeList = Arrays.asList(((String) claims.getClaim("scope")).split(" "));
+ assertTrue(scopeList.containsAll(clientConfig.getScope()));
+
+ assertEquals(redirectUri, claims.getClaim("redirect_uri"));
+ assertEquals(null, claims.getClaim("nonce"));
+ assertEquals(state, claims.getClaim("state"));
+ for (String claim : options.keySet()) {
+ assertEquals(options.get(claim), claims.getClaim(claim));
+ }
+ }
+
 }
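Review bot: The new signed-builder test reads its claims from `SignedJWT.parse(jwtString)` without verifying the signature, so it would still pass if the request object were signed with the wrong key. Unless that is covered elsewhere in the class (not visible in this hunk), add `assertTrue(jwt.verify(verifier))` before `getJWTClaimsSet()`, with a verifier built from the test's key fixture; it throws `JOSEException`, which the test must declare or catch. `components.getQueryParams().get("request").get(0)` fails with a bare NullPointerException when the `request` parameter is missing, so an `assertNotNull` on the list first gives a clearer failure. `assertEquals(null, claims.getClaim("nonce"))` reads better as `assertNull(claims.getClaim("nonce"))`.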