/**
 * Negative case: dynamic registration must refuse a client whose only redirect URI
 * points at a host the server rejects (the test name suggests a redirect-URI
 * blacklist — confirm against the test server configuration).
 * Expects HTTP 400 with an error type and description in the body.
 */
@Test
public void requestClientAssociateInBlackList() throws Exception {
    showTitle("requestClientAssociateInBlackList");

    final String rejectedRedirectUri = "https://www.attacker.com";

    RegisterClient client = new RegisterClient(registrationEndpoint);
    RegisterResponse result = client.execRegister(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(rejectedRedirectUri));
    showClient(client);

    assertEquals(result.getStatus(), 400, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getEntity(), "The entity is null");
    assertNotNull(result.getErrorType(), "The error type is null");
    assertNotNull(result.getErrorDescription(), "The error description is null");
}
/**
 * Fail: Register a client with Application Type {@code web} whose Redirect URI uses
 * the plain HTTP scheme. The server under test is expected to reject it (400) and
 * return an error type and description.
 */
@Test
public void applicationTypeWebFail1() throws Exception {
    showTitle("applicationTypeWebFail1");

    // HTTP (not HTTPS) redirect URI for a web client.
    final String httpRedirectUri = "http://client.example.com/cb";

    RegisterClient client = new RegisterClient(registrationEndpoint);
    RegisterResponse result = client.execRegister(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(httpRedirectUri));
    showClient(client);

    assertEquals(result.getStatus(), 400, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getEntity(), "The entity is null");
    assertNotNull(result.getErrorType(), "The error type is null");
    assertNotNull(result.getErrorDescription(), "The error description is null");
}
/** * Fail: Register a client with Application Type <code>native</code> and Redirect URI with the schema HTTPS. */ @Test(enabled = false) //allowed to register redirect_uris with custom schema to conform "OAuth 2.0 for Native Apps" spec public void applicationTypeNativeFail1() throws Exception { showTitle("applicationTypeNativeFail1"); final String redirectUris = "https://client.example.com/cb"; RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.NATIVE, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); }
/** * Fail: Register a client with Application Type <code>native</code> and Redirect URI with the host different than localhost. */ @Parameters({"redirectUris"}) @Test(enabled = false) //allowed to register redirect_uris with custom schema to conform "OAuth 2.0 for Native Apps" spec public void applicationTypeNativeFail2(final String redirectUris) throws Exception { showTitle("applicationTypeNativeFail2"); RegisterClient registerClient = new RegisterClient(registrationEndpoint); RegisterResponse registerResponse = registerClient.execRegister(ApplicationType.NATIVE, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); showClient(registerClient); assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getEntity(), "The entity is null"); assertNotNull(registerResponse.getErrorType(), "The error type is null"); assertNotNull(registerResponse.getErrorDescription(), "The error description is null"); } }
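/**
 * OC5:FeatureTest — registration must reject a redirect URI that carries a fragment
 * component; RFC 6749 §3.1.2 requires the redirection endpoint URI to have no fragment.
 * Expects HTTP 400 with an error type and description.
 *
 * @param redirectUri a redirect URI from the test configuration; {@code #foo1=bar}
 *                    is appended to make it invalid
 */
@Parameters({"redirectUri"})
@Test
public void rejectRegistrationOfRedirectUriWithFragment(final String redirectUri) throws Exception {
    showTitle("OC5:FeatureTest-Reject Registration of redirect uri with Fragment");

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    String redirectUriWithFragment = redirectUri + "#foo1=bar";

    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUriWithFragment));
    registerRequest.setResponseTypes(responseTypes);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);

    // Report the response body (not the status, which assertEquals already prints) so a
    // failure shows the server's error payload, as the sibling negative tests do.
    assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getErrorType(), "The error type is null");
    assertNotNull(registerResponse.getErrorDescription(), "The error description is null");
}
}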
/**
 * Registers a web client whose redirect URI list contains an HTTP (not HTTPS) URI on
 * the loopback address {@code 127.0.0.1} in addition to the configured URIs. The
 * server under test is expected to accept it (200) and issue client credentials.
 *
 * @param redirectUris space-separated redirect URIs from the test configuration
 */
@Parameters({"redirectUris"})
@Test
public void registerWithHttp2(final String redirectUris) throws Exception {
    showTitle("registerWithHttp2");

    // Configured URIs plus one loopback URI with the HTTP scheme.
    List<String> allRedirectUris = Lists.newArrayList(StringUtils.spaceSeparatedToList(redirectUris));
    allRedirectUris.add("http://127.0.0.1/cb"); // URI with HTTP schema

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth web test app with HTTP schema in URI", allRedirectUris);
    request.setSubjectType(SubjectType.PUBLIC);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setExecutor(clientExecutor(true));
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientSecretExpiresAt());
}
/**
 * Registers a web client whose redirect URI list contains an HTTP (not HTTPS) URI on
 * {@code localhost} in addition to the configured URIs. The server under test is
 * expected to accept it (200) and issue client credentials.
 *
 * @param redirectUris space-separated redirect URIs from the test configuration
 */
@Parameters({"redirectUris"})
@Test
public void registerWithHttp1(final String redirectUris) throws Exception {
    showTitle("registerWithHttp1");

    // Configured URIs plus one localhost URI with the HTTP scheme.
    List<String> allRedirectUris = Lists.newArrayList(StringUtils.spaceSeparatedToList(redirectUris));
    allRedirectUris.add("http://localhost/cb"); // URI with HTTP schema

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth web test app with HTTP schema in URI", allRedirectUris);
    request.setSubjectType(SubjectType.PUBLIC);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setExecutor(clientExecutor(true));
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientSecretExpiresAt());
}
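/**
 * Registers a native client whose redirect URI list contains a custom-scheme URI
 * ({@code myschema://...}) in addition to the configured URIs. The server under test
 * is expected to accept it (200) and issue client credentials.
 *
 * @param redirectUris space-separated redirect URIs from the test configuration
 */
@Parameters({"redirectUris"})
@Test
public void registerWithCustomURI(final String redirectUris) throws Exception {
    // The title previously read "requestClientAssociate1" (copy-paste leftover), which
    // mislabelled this test's section in the report output.
    showTitle("registerWithCustomURI");

    // Configured URIs plus one URI with a custom scheme.
    List<String> allRedirectUris = Lists.newArrayList(StringUtils.spaceSeparatedToList(redirectUris));
    allRedirectUris.add("myschema://client.example.com/cb"); // URI with custom schema

    RegisterRequest request = new RegisterRequest(
            ApplicationType.NATIVE, "oxAuth native test app with custom schema in URI", allRedirectUris);
    request.setSubjectType(SubjectType.PUBLIC);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setExecutor(clientExecutor(true));
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientSecretExpiresAt());
}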
/**
 * Positive case: registers a web client with the configured redirect URIs and a
 * sector identifier URI, expecting 200 and a full set of client credentials.
 *
 * @param redirectUris        space-separated redirect URIs from the test configuration
 * @param sectorIdentifierUri sector identifier URI from the test configuration
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("requestClientAssociate1");

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientSecretExpiresAt());
}
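/**
 * OC5:FeatureTest — registration must be rejected when the requested redirect URI is
 * not among the values published at the sector identifier URI. Expects HTTP 400 with
 * an error type and description.
 *
 * @param sectorIdentifierUri sector identifier URI from the test configuration; it is
 *                            assumed not to list {@code https://not_registered}
 */
@Parameters({"sectorIdentifierUri"})
@Test
public void rejectsSectorIdentifierNotContainingRegisteredRedirectUriValues(final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Rejects Sector Identifier Not Containing Registered redirect uri Values");

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);

    // Redirect URI deliberately absent from the sector identifier document.
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList("https://not_registered"));
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setResponseTypes(responseTypes);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);

    // Report the response body (not the status, which assertEquals already prints) so a
    // failure shows the server's error payload, as the sibling negative tests do.
    assertEquals(registerResponse.getStatus(), 400, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getErrorType(), "The error type is null");
    assertNotNull(registerResponse.getErrorDescription(), "The error description is null");
}
}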
/**
 * Negative case: registration must fail when the sector identifier URI cannot be
 * fetched or verified, even for a client flagged as trusted. Expects HTTP 400 with an
 * error body.
 *
 * @param redirectUris space-separated redirect URIs from the test configuration
 */
@Parameters({"redirectUris"})
@Test
public void sectorIdentifierUrlVerificationFail1(final String redirectUris) throws Exception {
    showTitle("sectorIdentifierUrlVerificationFail1");

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    // Trusted-client flag must not bypass sector identifier verification.
    request.addCustomAttribute("oxAuthTrustedClient", "true");
    request.setSectorIdentifierUri("https://INVALID_SECTOR_IDENTIFIER_URL");

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 400, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getEntity(), "The entity is null");
    assertNotNull(result.getErrorType(), "The error type is null");
    assertNotNull(result.getErrorDescription(), "The error description is null");
}
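/**
 * Negative case: registration must fail when {@code id_token_signed_response_alg} is
 * {@code none}, since an unsigned ID token gives the relying party nothing to verify.
 * Expects HTTP 400 with an error body.
 *
 * @param redirectUris space-separated redirect URIs from the test configuration
 */
@Parameters({"redirectUris"})
@Test
public void requestClientRegistrationFail4(final String redirectUris) throws Exception {
    showTitle("requestClientRegistrationFail4");

    RegisterRequest registerRequest = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE); // id_token signature cannot be none

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    registerClient.setExecutor(clientExecutor(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);

    // Assertion messages added to match the other negative tests, so a failure reports
    // the server's response body instead of a bare expected/actual pair.
    assertEquals(response.getStatus(), 400, "Unexpected response code: " + response.getEntity());
    assertNotNull(response.getEntity(), "The entity is null");
    assertNotNull(response.getErrorType(), "The error type is null");
    assertNotNull(response.getErrorDescription(), "The error description is null");
}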
/**
 * Negative case: registration must fail when one of the requested redirect URIs is not
 * listed in the sector identifier document, even though the others are and the client
 * is flagged as trusted. Expects HTTP 400 with an error body.
 *
 * @param sectorIdentifierUri sector identifier URI from the test configuration
 */
@Parameters({"sectorIdentifierUri"})
@Test
public void sectorIdentifierUrlVerificationFail2(final String sectorIdentifierUri) throws Exception {
    showTitle("sectorIdentifierUrlVerificationFail2");

    // First URI is not in the sector identifier document; the remaining three presumably are.
    String redirectUris = "https://INVALID_REDIRECT_URI https://client.example.com/cb https://client.example.com/cb1 https://client.example.com/cb2";

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    // Trusted-client flag must not bypass sector identifier verification.
    request.addCustomAttribute("oxAuthTrustedClient", "true");
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 400, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getEntity(), "The entity is null");
    assertNotNull(result.getErrorType(), "The error type is null");
    assertNotNull(result.getErrorDescription(), "The error description is null");
}
/**
 * Registers a pairwise web client with the given response types, grant types and
 * sector identifier URI, asserting a successful (200) registration with a full set
 * of client credentials.
 *
 * @param redirectUris        space-separated redirect URIs
 * @param responseTypes       response types to register
 * @param grantTypes          grant types to register
 * @param sectorIdentifierUri sector identifier URI for pairwise subject identifiers
 * @return the successful registration response
 */
private RegisterResponse registerClient(final String redirectUris, final List<ResponseType> responseTypes,
                                        final List<GrantType> grantTypes, final String sectorIdentifierUri) {
    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setResponseTypes(responseTypes);
    request.setGrantTypes(grantTypes);
    request.setSectorIdentifierUri(sectorIdentifierUri);
    request.setSubjectType(SubjectType.PAIRWISE);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientIdIssuedAt());
    assertNotNull(result.getClientSecretExpiresAt());

    return result;
}
/**
 * Registers a pairwise web client with the given response types, scopes and sector
 * identifier URI, asserting a successful (200) registration with a full set of
 * client credentials.
 *
 * @param redirectUris        space-separated redirect URIs
 * @param responseTypes       response types to register
 * @param scopes              scopes to request
 * @param sectorIdentifierUri sector identifier URI for pairwise subject identifiers
 * @return the successful registration response
 */
private RegisterResponse registerClient(final String redirectUris, List<ResponseType> responseTypes,
                                        List<String> scopes, String sectorIdentifierUri) {
    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setResponseTypes(responseTypes);
    request.setScope(scopes);
    request.setSubjectType(SubjectType.PAIRWISE);
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientIdIssuedAt());
    assertNotNull(result.getClientSecretExpiresAt());

    return result;
}
/**
 * Negative case: updating the client registered by {@code requestClientAssociate} so
 * that its redirect URI points at a host the server rejects must fail with HTTP 400
 * (presumably the same redirect-URI check applied at registration — confirm against
 * server configuration). Uses the registration access token and client URI saved by
 * the dependency.
 */
@Test(dependsOnMethods = "requestClientAssociate")
public void requestClientUpdate() throws Exception {
    showTitle("requestClientUpdate");

    final String rejectedRedirectUri = "https://www.attacker.com";

    // PUT against the client's registration URI, authenticated with its registration access token.
    final RegisterRequest updateRequest = new RegisterRequest(registrationAccessToken1);
    updateRequest.setHttpMethod(HttpMethod.PUT);
    updateRequest.setRedirectUris(StringUtils.spaceSeparatedToList(rejectedRedirectUri));

    final RegisterClient client = new RegisterClient(registrationClientUri1);
    client.setRequest(updateRequest);
    client.setExecutor(clientExecutor(true));
    final RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 400, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getEntity(), "The entity is null");
    assertNotNull(result.getErrorType(), "The error type is null");
    assertNotNull(result.getErrorDescription(), "The error description is null");
}
}
/**
 * Helper: registers a pairwise web client and asserts the registration succeeded.
 *
 * @param redirectUris        space-separated redirect URIs
 * @param responseTypes       response types to register
 * @param scopes              scopes to request
 * @param sectorIdentifierUri sector identifier URI for pairwise subject identifiers
 * @return the 200 registration response with client id, secret, registration access
 *         token and issue/expiry timestamps present
 */
private RegisterResponse registerClient(final String redirectUris, List<ResponseType> responseTypes,
                                        List<String> scopes, String sectorIdentifierUri) {
    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setResponseTypes(responseTypes);
    request.setScope(scopes);
    request.setSubjectType(SubjectType.PAIRWISE);
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientIdIssuedAt());
    assertNotNull(result.getClientSecretExpiresAt());

    return result;
}
/**
 * Helper: registers a pairwise web client and asserts the registration succeeded.
 *
 * @param redirectUris        space-separated redirect URIs
 * @param responseTypes       response types to register
 * @param scopes              scopes to request
 * @param sectorIdentifierUri sector identifier URI for pairwise subject identifiers
 * @return the 200 registration response with client id, secret, registration access
 *         token and issue/expiry timestamps present
 */
private RegisterResponse registerClient(final String redirectUris, List<ResponseType> responseTypes,
                                        List<String> scopes, String sectorIdentifierUri) {
    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setResponseTypes(responseTypes);
    request.setScope(scopes);
    request.setSubjectType(SubjectType.PAIRWISE);
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientIdIssuedAt());
    assertNotNull(result.getClientSecretExpiresAt());

    return result;
}
}
/**
 * Positive case: registers a web client with the configured redirect URIs and sector
 * identifier URI, expecting 200, a full set of client credentials and a {@code scope}
 * claim in the response. Saves the registration access token and registration client
 * URI in fields for the tests that depend on this one.
 *
 * @param redirectUris        space-separated redirect URIs from the test configuration
 * @param sectorIdentifierUri sector identifier URI from the test configuration
 */
@Parameters({"redirectUris", "sectorIdentifierUri"})
@Test
public void requestClientAssociate(final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("requestClientAssociate");

    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    request.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setRequest(request);
    client.setExecutor(clientExecutor(true));
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientSecretExpiresAt());
    assertNotNull(result.getClaims().get(SCOPE.toString()));

    // Shared with dependent tests (e.g. the client-update test).
    registrationAccessToken1 = result.getRegistrationAccessToken();
    registrationClientUri1 = result.getRegistrationClientUri();
}
/**
 * Helper: registers a web client that requests its access tokens as JWTs signed with
 * RS512, and asserts the registration succeeded.
 *
 * @param redirectUris  space-separated redirect URIs
 * @param responseTypes response types to register
 * @param scopes        scopes to request
 * @return the 200 registration response with client id, secret, registration access
 *         token and issue/expiry timestamps present
 * @throws UnrecoverableKeyException if the HTTP client executor cannot be built
 * @throws NoSuchAlgorithmException  if the HTTP client executor cannot be built
 * @throws KeyStoreException         if the HTTP client executor cannot be built
 * @throws KeyManagementException    if the HTTP client executor cannot be built
 */
private RegisterResponse registerClient(String redirectUris, List<ResponseType> responseTypes, List<String> scopes)
        throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    RegisterRequest request = new RegisterRequest(
            ApplicationType.WEB, "access token as JWT test", StringUtils.spaceSeparatedToList(redirectUris));
    request.setResponseTypes(responseTypes);
    request.setScope(scopes);
    // Ask for JWT-formatted access tokens with an explicit signing algorithm.
    request.setAccessTokenAsJwt(true);
    request.setAccessTokenSigningAlg(SignatureAlgorithm.RS512);

    RegisterClient client = new RegisterClient(registrationEndpoint);
    client.setExecutor(clientExecutor(true));
    client.setRequest(request);
    RegisterResponse result = client.exec();
    showClient(client);

    assertEquals(result.getStatus(), 200, "Unexpected response code: " + result.getEntity());
    assertNotNull(result.getClientId());
    assertNotNull(result.getClientSecret());
    assertNotNull(result.getRegistrationAccessToken());
    assertNotNull(result.getClientIdIssuedAt());
    assertNotNull(result.getClientSecretExpiresAt());

    return result;
}