Class AbstractOidcClientAuthenticationFlowTest
- java.lang.Object
- org.springframework.test.context.testng.AbstractTestNGSpringContextTests
- net.shibboleth.idp.test.flows.AbstractFlowTest
- net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
- net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcApiFlowTest
- net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcClientAuthenticationFlowTest
- All Implemented Interfaces:
Aware, ApplicationContextAware, IHookable, ITestNGListener
- Direct Known Subclasses:
ClientCredentialsTokenFlowTest, IntrospectionFlowTest, RevocationFlowTest, TokenFlowTest
public abstract class AbstractOidcClientAuthenticationFlowTest extends AbstractOidcApiFlowTest
Base unit test class for flows involving JWT based authentication (client_secret_jwt or private_key_jwt).
Field Summary
Fields (Modifier and Type, Field):
- (package private) String clientId
- (package private) String clientIdSaml
- (package private) String clientSecret
- (package private) String clientSecretSaml
- (package private) String jwtAud
- (package private) RSAPrivateKey rsaPrivateKey
- (package private) RSAPublicKey rsaPublicKey
Fields inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
END_STATE_ID
-
Fields inherited from class net.shibboleth.idp.test.flows.AbstractFlowTest
builderFactory, certFactoryBean, directoryServer, END_STATE_OUTPUT_ATTR_EXPR, END_STATE_OUTPUT_ATTR_NAME, externalContext, flowExecutor, idGenerator, IDP_ENTITY_ID, idpCredential, IP_ADDRESS_AUTHN_FLOW_ID, IP_ADDRESS_AUTHN_MAP_BEAN_NAME, KEYSTORE_FILE, LDIF_FILE, marshallerFactory, parserPool, request, response, SAML1_TRANSFORM_C14N_BEAN_NAME, SAML2_TRANSFORM_C14N_BEAN_NAME, SP_ACS_URL, SP_ENTITY_ID, SP_RELAY_STATE, spCredential, unmarshallerFactory
-
Fields inherited from class org.springframework.test.context.testng.AbstractTestNGSpringContextTests
applicationContext, logger
-
-
Constructor Summary
Constructors:
- AbstractOidcClientAuthenticationFlowTest(String flowId)
-
Method Summary
Methods (Modifier and Type, Method, Description):
- protected abstract void assertSuccessResponse(FlowExecutionResult result): Verify that the given result is a success response.
- protected com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT buildPrivateKeyJwtAuth()
- protected com.nimbusds.oauth2.sdk.auth.ClientSecretJWT buildSecretJwtAuth(String secret)
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetExpiredExp()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetIssuedInTheFuture()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingAud()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingExp()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingIss()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingJti()
- protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingSub()
- protected abstract Pair<String,String> getErrorDetaisForJWTValidation(): Get the pair of error code and error description for the error produced via event EventIds.ACCESS_DENIED.
- void initKeys()
- protected abstract FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod method): Launch the flow with the JWT client authentication method.
- protected void populateClientAssertionParams(Map<String,String> requestParameters, com.nimbusds.jwt.SignedJWT jwt)
- protected void populateClientAssertionParams(Map<String,String> requestParameters, com.nimbusds.oauth2.sdk.auth.JWTAuthentication clientAuth)
- void testInvalidPrivateKeyJWT_expiredExp()
- void testInvalidPrivateKeyJWT_issuedInTheFuture()
- void testInvalidPrivateKeyJWT_missingAud()
- void testInvalidPrivateKeyJWT_missingExp()
- void testInvalidPrivateKeyJWT_missingIss()
- void testInvalidPrivateKeyJWT_missingJti()
- void testInvalidPrivateKeyJWT_missingSub()
- void testInvalidPrivateKeyJWT_replayJti()
- void testInvalidSecretJWT_expiredExp()
- void testInvalidSecretJWT_issuedInTheFuture()
- void testInvalidSecretJWT_missingAud()
- void testInvalidSecretJWT_missingExp()
- void testInvalidSecretJWT_missingIss()
- void testInvalidSecretJWT_missingJti()
- void testInvalidSecretJWT_missingSub()
- void testInvalidSecretJWT_replayJti()
- void testValidPrivateKeyJWT()
- void testValidSecretJWT()
- protected com.nimbusds.jwt.JWTClaimsSet validClaimsSet()
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcApiFlowTest
buildJWTToken, buildJWTToken, buildLegacyToken, buildLegacyToken, buildRefreshToken, buildToken, buildToken, buildToken
-
Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractOidcFlowTest
assertErrorCode, assertErrorDescriptionContains, buildJsonForLegacyToken, createPrivateKeyJWT, createSecretJWT, getDataSealer, initializeMocks, initializeThreadLocals, parseErrorResponse, parseResponse, parseSuccessResponse, removeMetadata, setBasicAuth, setHttpFormRequest, setJsonRequest, setRequest, storeConsent, storeMetadata, storeMetadata, storeMetadata, storeMetadata, storeMetadata
-
Methods inherited from class net.shibboleth.idp.test.flows.AbstractFlowTest
assertFlowExecutionOutcome, assertFlowExecutionOutcome, assertFlowExecutionResult, assertProfileRequestContext, buildSOAP11Envelope, clearThreadLocals, getFlow, initializeFlowExecutor, initializeXMLObjectSupport, overrideEndStateOutput, overrideEndStateOutput, registerFlowsInParentRegistry, retrieveProfileRequestContext, setupDirectoryServer, teardownDirectoryServer
-
Methods inherited from class org.springframework.test.context.testng.AbstractTestNGSpringContextTests
run, setApplicationContext, springTestContextAfterTestClass, springTestContextAfterTestMethod, springTestContextBeforeTestClass, springTestContextBeforeTestMethod, springTestContextPrepareTestInstance
Field Detail
-
clientId
String clientId
-
clientSecret
String clientSecret
-
clientIdSaml
String clientIdSaml
-
clientSecretSaml
String clientSecretSaml
-
jwtAud
String jwtAud
-
rsaPrivateKey
RSAPrivateKey rsaPrivateKey
-
rsaPublicKey
RSAPublicKey rsaPublicKey
-
-
Constructor Detail
-
AbstractOidcClientAuthenticationFlowTest
public AbstractOidcClientAuthenticationFlowTest(String flowId)
-
-
Method Detail
-
initKeys
@BeforeClass public void initKeys() throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
populateClientAssertionParams
protected void populateClientAssertionParams(Map<String,String> requestParameters, com.nimbusds.jwt.SignedJWT jwt)
-
testInvalidSecretJWT_missingSub
public void testInvalidSecretJWT_missingSub() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_missingIss
public void testInvalidSecretJWT_missingIss() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_missingAud
public void testInvalidSecretJWT_missingAud() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_missingExp
public void testInvalidSecretJWT_missingExp() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_expiredExp
public void testInvalidSecretJWT_expiredExp() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_issuedInTheFuture
public void testInvalidSecretJWT_issuedInTheFuture() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_missingJti
public void testInvalidSecretJWT_missingJti() throws Exception
- Throws:
Exception
-
testInvalidSecretJWT_replayJti
public void testInvalidSecretJWT_replayJti() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_missingSub
public void testInvalidPrivateKeyJWT_missingSub() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_missingIss
public void testInvalidPrivateKeyJWT_missingIss() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_missingAud
public void testInvalidPrivateKeyJWT_missingAud() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_missingExp
public void testInvalidPrivateKeyJWT_missingExp() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_expiredExp
public void testInvalidPrivateKeyJWT_expiredExp() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_issuedInTheFuture
public void testInvalidPrivateKeyJWT_issuedInTheFuture() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_missingJti
public void testInvalidPrivateKeyJWT_missingJti() throws Exception
- Throws:
Exception
-
testInvalidPrivateKeyJWT_replayJti
public void testInvalidPrivateKeyJWT_replayJti() throws Exception
- Throws:
Exception
-
claimsSetMissingSub
protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingSub()
-
claimsSetMissingIss
protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingIss()
-
claimsSetMissingAud
protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingAud()
-
claimsSetMissingExp
protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingExp()
-
claimsSetExpiredExp
protected com.nimbusds.jwt.JWTClaimsSet claimsSetExpiredExp()
-
claimsSetIssuedInTheFuture
protected com.nimbusds.jwt.JWTClaimsSet claimsSetIssuedInTheFuture()
-
claimsSetMissingJti
protected com.nimbusds.jwt.JWTClaimsSet claimsSetMissingJti()
-
validClaimsSet
protected com.nimbusds.jwt.JWTClaimsSet validClaimsSet()
-
buildSecretJwtAuth
protected com.nimbusds.oauth2.sdk.auth.ClientSecretJWT buildSecretJwtAuth(String secret) throws com.nimbusds.jose.JOSEException, URISyntaxException
- Throws:
com.nimbusds.jose.JOSEException
URISyntaxException
-
buildPrivateKeyJwtAuth
protected com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT buildPrivateKeyJwtAuth() throws com.nimbusds.jose.JOSEException, URISyntaxException
- Throws:
com.nimbusds.jose.JOSEException
URISyntaxException
-
populateClientAssertionParams
protected void populateClientAssertionParams(Map<String,String> requestParameters, com.nimbusds.oauth2.sdk.auth.JWTAuthentication clientAuth)
-
launchWithJwtAuthentication
protected abstract FlowExecutionResult launchWithJwtAuthentication(com.nimbusds.jwt.SignedJWT jwt, com.nimbusds.jose.JWSAlgorithm algorithm, com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod method) throws Exception
Launch the flow with the JWT client authentication method.
- Parameters:
jwt - The JWT to be used for client authentication.
algorithm - The algorithm to be used in the client authentication.
method - The client authentication method.
- Returns:
The flow execution result.
- Throws:
Exception
-
getErrorDetaisForJWTValidation
protected abstract Pair<String,String> getErrorDetaisForJWTValidation()
Get the pair of error code and error description for the error produced via event EventIds.ACCESS_DENIED. This is abstract because each endpoint may have its own mappings.
- Returns:
The pair of error code and error description.
-
assertSuccessResponse
protected abstract void assertSuccessResponse(FlowExecutionResult result)
Verify that the given result is a success response.
- Parameters:
result - The flow execution result to be verified.