Merge branch 'fapi1final-RP-changes' into 'master'
Add FAPI1 Advanced RP tests, initial version See merge request openid/conformance-suite!989
Showing
71 changed files
with
1,695 additions
and
261 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,11 @@ | ||
[] | ||
[ | ||
{ | ||
"test-name": "fapi1-advanced-final-client-test-invalid-scope-in-token-endpoint-response", | ||
"variant": "*", | ||
"configuration-filename": "automated-ob-client-test*.json", | ||
"current-block": "", | ||
"condition": "fapi1-advanced-final-client-test-invalid-scope-in-token-endpoint-response", | ||
"expected-result": "failure", | ||
"comment": "The client does not support fapi1 final yet" | ||
} | ||
] |
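--- a/src/main/java/net/openid/conformance/condition/as/AbstractExtractRequestObject.java
+++ b/src/main/java/net/openid/conformance/condition/as/AbstractExtractRequestObject.java
@@ -0,0 +1,43 @@
+package net.openid.conformance.condition.as;
+
+import com.google.common.base.Strings;
+import com.google.gson.JsonObject;
+import com.nimbusds.jose.JOSEException;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+import net.openid.conformance.util.JWTUtil;
+
+import java.text.ParseException;
+
+public abstract class AbstractExtractRequestObject extends AbstractCondition {
+
+public Environment processRequestObjectString(String requestObjectString, Environment env) {
+
+if (Strings.isNullOrEmpty(requestObjectString)) {
+throw error("Could not find request object in request parameters");
+}
+
+try {
+JsonObject client = env.getObject("client");
+JsonObject serverEncKeys = env.getObject("server_encryption_keys");
+JsonObject jsonObjectForJwt = JWTUtil.jwtStringToJsonObjectForEnvironment(requestObjectString, client, serverEncKeys);
+
+if(jsonObjectForJwt==null) {
+throw error("Couldn't extract request object", args("request", requestObjectString));
+}
+env.putObject("authorization_request_object", jsonObjectForJwt);
+
+logSuccess("Parsed request object", args("request_object", jsonObjectForJwt));
+
+return env;
+
+} catch (ParseException e) {
+throw error("Couldn't parse request object", e, args("request", requestObjectString));
+} catch (JOSEException e) {
+throw error("Request object decryption failed", e, args("request", requestObjectString));
+}
+}
+
+}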
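Review bot: `processRequestObjectString` reads `client` and `server_encryption_keys` from the environment and writes `authorization_request_object`, but nothing declares that contract: the `PreEnvironment` and `PostEnvironment` imports are unused and the method has no Javadoc. Each subclass's `evaluate` therefore has to repeat the right annotations by hand, and a missing `client` object would reach `JWTUtil.jwtStringToJsonObjectForEnvironment` as null. I would drop the two unused imports and add a Javadoc on the method listing the keys it reads and writes. The Javadoc should also say that the method only parses and, where needed, decrypts the request object, so signature validation has to be a separate condition; that is inferred from the caught exception types and should be confirmed against `JWTUtil`.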
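--- a/...formance/condition/as/AddAuthorizationSigningAlgValuesSupportedToServerConfiguration.java
+++ b/...formance/condition/as/AddAuthorizationSigningAlgValuesSupportedToServerConfiguration.java
@@ -0,0 +1,27 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class AddAuthorizationSigningAlgValuesSupportedToServerConfiguration extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = {"server"}, strings = "signing_algorithm")
+@PostEnvironment(required = "server")
+public Environment evaluate(Environment env) {
+String alg = env.getString("signing_algorithm");
+JsonArray data = new JsonArray();
+data.add(alg);
+
+JsonObject server = env.getObject("server");
+server.add("authorization_signing_alg_values_supported", data);
+
+logSuccess("Added authorization_signing_alg_values_supported to server configuration",
+args ("alg_values", data));
+return env;
+}
+}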
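Review bot: `server.add("authorization_signing_alg_values_supported", data)` replaces whatever array the server configuration already holds, although the class name and the log message both say "Added". The same pattern appears in AddJARMResponseModeToServerConfiguration (`response_modes_supported` becomes just `["jwt"]`) and AddResponseTypeCodeToServerConfiguration (`response_types_supported` becomes just `["code"]`), so any values set earlier in the test are lost silently. If overwriting is intended for these RP tests, say so in a class comment such as `// Replaces any existing value: the emulated server advertises exactly this one entry.`; otherwise append to the existing array when one is present.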
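--- a/...in/java/net/openid/conformance/condition/as/AddJARMResponseModeToServerConfiguration.java
+++ b/...in/java/net/openid/conformance/condition/as/AddJARMResponseModeToServerConfiguration.java
@@ -0,0 +1,27 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class AddJARMResponseModeToServerConfiguration extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = "server")
+@PostEnvironment(required = "server")
+public Environment evaluate(Environment env) {
+
+JsonArray data = new JsonArray();
+data.add("jwt");
+
+JsonObject server = env.getObject("server");
+server.add("response_modes_supported", data);
+
+logSuccess("Added jwt as response_modes_supported", args ("response_modes_supported", data));
+
+return env;
+}
+}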
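--- a/...in/java/net/openid/conformance/condition/as/AddResponseTypeCodeToServerConfiguration.java
+++ b/...in/java/net/openid/conformance/condition/as/AddResponseTypeCodeToServerConfiguration.java
@@ -0,0 +1,27 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class AddResponseTypeCodeToServerConfiguration extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = "server")
+@PostEnvironment(required = "server")
+public Environment evaluate(Environment env) {
+
+JsonArray data = new JsonArray();
+data.add("code");
+
+JsonObject server = env.getObject("server");
+server.add("response_types_supported", data);
+
+logSuccess("Added code as response type supported", args ("response_types_supported", data));
+
+return env;
+}
+}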
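--- a/...in/java/net/openid/conformance/condition/as/ChangeIdTokenEncryptedResponseAlgToRSA15.java
+++ b/...in/java/net/openid/conformance/condition/as/ChangeIdTokenEncryptedResponseAlgToRSA15.java
@@ -0,0 +1,22 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.runner.TestDispatcher;
+import net.openid.conformance.testmodule.Environment;
+import net.openid.conformance.testmodule.OIDFJSON;
+
+public class ChangeIdTokenEncryptedResponseAlgToRSA15 extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = "client")
+@PostEnvironment(required = "client")
+public Environment evaluate(Environment env) {
+JsonObject client = env.getObject("client");
+client.addProperty("id_token_encrypted_response_alg", "RSA1_5");
+log("Changed id_token_encrypted_response_alg to RSA1_5");
+return env;
+}
+}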
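Review bot: Nothing in this class says it exists for a negative test, although it forces `id_token_encrypted_response_alg` to `RSA1_5`, the value that EnsureIdTokenEncryptedResponseAlgIsNotRSA1_5 in this same commit rejects. A class comment such as `/** Negative-test helper: switches the client's ID token key-management algorithm to the disallowed RSA1_5. */` would keep it from being reused in a positive flow; the purpose is inferred from the class name, so confirm the wording. The log line could also record the value being replaced, and the `TestDispatcher` and `OIDFJSON` imports are unused.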
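--- a/src/main/java/net/openid/conformance/condition/as/EncryptJARMResponse.java
+++ b/src/main/java/net/openid/conformance/condition/as/EncryptJARMResponse.java
@@ -0,0 +1,38 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class EncryptJARMResponse extends AbstractJWEEncryptStringToClient
+{
+
+@Override
+@PreEnvironment(strings = "jarm_response", required = "client")
+@PostEnvironment(strings = "jarm_response")
+public Environment evaluate(Environment env) {
+
+String response = env.getString("jarm_response");
+String alg = env.getString("client", "authorization_encrypted_response_alg");
+String enc = env.getString("client", "authorization_encrypted_response_enc");
+String clientSecret = env.getString("client", "client_secret");
+//client jwks may be null
+JsonElement clientJwksElement = env.getElementFromObject("client", "jwks");
+JsonObject clientJwks = null;
+if(clientJwksElement!=null) {
+clientJwks = clientJwksElement.getAsJsonObject();
+}
+
+String encryptedResponse = encrypt(response, clientSecret, clientJwks, alg, enc,
+"authorization_encrypted_response_alg", "authorization_encrypted_response_enc");
+
+log("Encrypted the JARM response", args("response", encryptedResponse,
+"authorization_encrypted_response_alg", alg,
+"authorization_encrypted_response_enc", enc));
+env.putString("jarm_response", encryptedResponse);
+return env;
+}
+
+}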
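Review bot: `clientJwksElement.getAsJsonObject()` throws an unchecked `IllegalStateException` when the client's `jwks` is present but is not a JSON object (an explicit JSON null or a string, for instance), so a malformed client registration surfaces as a stack trace rather than a condition failure. Guard the conversion with `if (clientJwksElement != null && !clientJwksElement.isJsonObject()) { throw error("client jwks is not a JSON object", args("jwks", clientJwksElement)); }`. `alg` and `enc` are also handed to `encrypt` without a null check; whether that helper reports a missing value clearly is not visible in this section.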
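--- a/...net/openid/conformance/condition/as/EnsureAuthorizationRequestContainsStateParameter.java
+++ b/...net/openid/conformance/condition/as/EnsureAuthorizationRequestContainsStateParameter.java
@@ -0,0 +1,22 @@
+package net.openid.conformance.condition.as;
+
+import com.google.common.base.Strings;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class EnsureAuthorizationRequestContainsStateParameter extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = CreateEffectiveAuthorizationRequestParameters.ENV_KEY)
+public Environment evaluate(Environment env) {
+String state = env.getString(CreateEffectiveAuthorizationRequestParameters.ENV_KEY, CreateEffectiveAuthorizationRequestParameters.STATE);
+if (Strings.isNullOrEmpty(state)) {
+throw error("Missing state parameter");
+} else {
+logSuccess("Found state parameter", args("state", state));
+return env;
+}
+}
+
+}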
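--- a/...rmance/condition/as/EnsureClientIdInAuthorizationRequestParametersMatchRequestObject.java
+++ b/...rmance/condition/as/EnsureClientIdInAuthorizationRequestParametersMatchRequestObject.java
@@ -0,0 +1,25 @@
+package net.openid.conformance.condition.as;
+
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class EnsureClientIdInAuthorizationRequestParametersMatchRequestObject extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = {"authorization_endpoint_http_request_params", "authorization_request_object"})
+public Environment evaluate(Environment env) {
+String requestParam = env.getString("authorization_endpoint_http_request_params", "client_id");
+String requestObjectValue = env.getString("authorization_request_object", "claims.client_id");
+if(requestParam==null) {
+throw error("client_id not found in http request parameters");
+}
+if(!requestParam.equals(requestObjectValue)) {
+throw error("client_id in http request parameters does not match client_id in request object",
+args("http_request_value", requestParam, "request_object_value", requestObjectValue));
+}
+logSuccess("client_id http request parameter value matches client_id in request object");
+return env;
+}
+
+}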
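Review bot: A request object with no `client_id` claim falls through to the mismatch branch, because only `requestParam` is null-checked; the failure then reads "does not match" with `request_object_value` set to null. Adding `if (requestObjectValue == null) { throw error("client_id not found in request object"); }` before the comparison tells the tester the actual cause. The success entry could also carry the matched value via `args("client_id", requestParam)` so the log shows what was compared.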
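--- a/...ava/net/openid/conformance/condition/as/EnsureIdTokenEncryptedResponseAlgIsNotRSA1_5.java
+++ b/...ava/net/openid/conformance/condition/as/EnsureIdTokenEncryptedResponseAlgIsNotRSA1_5.java
@@ -0,0 +1,23 @@
+package net.openid.conformance.condition.as;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import net.openid.conformance.condition.AbstractCondition;
+import net.openid.conformance.condition.PostEnvironment;
+import net.openid.conformance.condition.PreEnvironment;
+import net.openid.conformance.testmodule.Environment;
+
+public class EnsureIdTokenEncryptedResponseAlgIsNotRSA1_5 extends AbstractCondition {
+
+@Override
+@PreEnvironment(required = "client")
+public Environment evaluate(Environment env) {
+String alg = env.getString("client", "id_token_encrypted_response_alg");
+if("RSA1_5".equals(alg)) {
+throw error("RSA1_5 is not allowed");
+}
+logSuccess("Id token encryption algorithm is not RSA1_5", args("alg", alg));
+return env;
+}
+
+}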
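Review bot: When the client has no `id_token_encrypted_response_alg` at all, `alg` is null and the condition still logs success, which reads as if an encryption algorithm had been inspected and accepted. Consider a distinct log message for the absent case, and pass `args("alg", alg)` to the `error(...)` call so the failure entry records the offending value. The `JsonElement`, `JsonObject` and `PostEnvironment` imports are unused.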