[cxf] 02/02: Adding OAuth PKCE Digest tests

2019-08-15 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 258584a4ef8a744d088f978ed9c68e3efcf98f40
Author: Colm O hEigeartaigh 
AuthorDate: Thu Aug 15 14:25:18 2019 +0100

Adding OAuth PKCE Digest tests

(cherry picked from commit 563b1ec1f5b2186003843d5e686cc764efa00bb3)
---
 .../security/oauth2/common/OAuth2TestUtils.java|   2 +-
 .../security/oauth2/grants/PublicClientTest.java   | 123 +
 .../oauth2/grants/grants-server-public.xml |  33 ++
 3 files changed, 157 insertions(+), 1 deletion(-)

diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 328211e..a6ddb2c 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -156,7 +156,7 @@ public final class OAuth2TestUtils {
 String 
code,
 String 
consumerId,
 String 
audience) {
-return getAccessTokenWithAuthorizationCode(client, code, 
"consumer-id", audience, null);
+return getAccessTokenWithAuthorizationCode(client, code, consumerId, 
audience, null);
 }
 
 public static ClientAccessToken 
getAccessTokenWithAuthorizationCode(WebClient client,
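Review bot: The trailing `null` in the delegating call on the new line is unexplained; judging by the five-argument call in PublicClientTest, which passes `codeVerifier` in that position, it appears to be the PKCE code verifier, so this overload always requests the token without one. A one-line comment above the return, such as `// No PKCE code_verifier is sent by this overload`, would make that explicit for anyone writing a negative PKCE test. Because the `consumerId` argument was previously ignored in favour of the literal `"consumer-id"`, any existing caller that passes a different id will now actually send it; that is presumably intended, but the callers are outside this hunk and should be checked. The method's signature begins above the hunk, and the same hunk is repeated in the master copy of this commit further down the page.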
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 150719b..606aee0 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -27,6 +27,8 @@ import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
@@ -196,12 +198,133 @@ public class PublicClientTest extends 
AbstractBusClientServerTestBase {
 try {
 codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, 
"consumer-id", null, codeVerifier);
+fail("Failure expected on a different verifier");
+} catch (Exception ex) {
+// expected
+}
+}
+
+@org.junit.Test
+public void testPKCEDigest() throws Exception {
+URL busFile = PublicClientTest.class.getResource("publicclient.xml");
+
+String address = "https://localhost:; + JCACHE_PORT + "/services/";
+WebClient client = WebClient.create(address, 
OAuth2TestUtils.setupProviders(),
+"alice", "security", 
busFile.toString());
+// Save the Cookie for the second request...
+WebClient.getConfig(client).getRequestContext().put(
+org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+// Get Authorization Code
+AuthorizationCodeParameters parameters = new 
AuthorizationCodeParameters();
+parameters.setConsumerId("consumer-id");
+String codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
+CodeVerifierTransformer transformer = new DigestCodeVerifier();
+String codeChallenge = transformer.transformCodeVerifier(codeVerifier);
+parameters.setCodeChallenge(codeChallenge);
+parameters.setCodeChallengeMethod(transformer.getChallengeMethod());
+parameters.setResponseType("code");
+parameters.setPath("authorize/");
+
+String location = OAuth2TestUtils.getLocation(client, parameters);
+String code = OAuth2TestUtils.getSubstring(location, "code");
+assertNotNull(code);
+
+// Now get the access token - note services3 doesn't require basic auth
+String address2 = "https://localhost:; + JCACHE_PORT + "/services3/";
+client = WebClient.create(address2, 

[cxf] 02/02: Adding OAuth PKCE Digest tests

2019-08-15 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 563b1ec1f5b2186003843d5e686cc764efa00bb3
Author: Colm O hEigeartaigh 
AuthorDate: Thu Aug 15 14:25:18 2019 +0100

Adding OAuth PKCE Digest tests
---
 .../security/oauth2/common/OAuth2TestUtils.java|   2 +-
 .../security/oauth2/grants/PublicClientTest.java   | 123 +
 .../oauth2/grants/grants-server-public.xml |  33 ++
 3 files changed, 157 insertions(+), 1 deletion(-)

diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 328211e..a6ddb2c 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -156,7 +156,7 @@ public final class OAuth2TestUtils {
 String 
code,
 String 
consumerId,
 String 
audience) {
-return getAccessTokenWithAuthorizationCode(client, code, 
"consumer-id", audience, null);
+return getAccessTokenWithAuthorizationCode(client, code, consumerId, 
audience, null);
 }
 
 public static ClientAccessToken 
getAccessTokenWithAuthorizationCode(WebClient client,
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 150719b..606aee0 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -27,6 +27,8 @@ import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
@@ -196,12 +198,133 @@ public class PublicClientTest extends 
AbstractBusClientServerTestBase {
 try {
 codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
 OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, 
"consumer-id", null, codeVerifier);
+fail("Failure expected on a different verifier");
+} catch (Exception ex) {
+// expected
+}
+}
+
+@org.junit.Test
+public void testPKCEDigest() throws Exception {
+URL busFile = PublicClientTest.class.getResource("publicclient.xml");
+
+String address = "https://localhost:; + JCACHE_PORT + "/services/";
+WebClient client = WebClient.create(address, 
OAuth2TestUtils.setupProviders(),
+"alice", "security", 
busFile.toString());
+// Save the Cookie for the second request...
+WebClient.getConfig(client).getRequestContext().put(
+org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
+
+// Get Authorization Code
+AuthorizationCodeParameters parameters = new 
AuthorizationCodeParameters();
+parameters.setConsumerId("consumer-id");
+String codeVerifier = 
Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
+CodeVerifierTransformer transformer = new DigestCodeVerifier();
+String codeChallenge = transformer.transformCodeVerifier(codeVerifier);
+parameters.setCodeChallenge(codeChallenge);
+parameters.setCodeChallengeMethod(transformer.getChallengeMethod());
+parameters.setResponseType("code");
+parameters.setPath("authorize/");
+
+String location = OAuth2TestUtils.getLocation(client, parameters);
+String code = OAuth2TestUtils.getSubstring(location, "code");
+assertNotNull(code);
+
+// Now get the access token - note services3 doesn't require basic auth
+String address2 = "https://localhost:; + JCACHE_PORT + "/services3/";
+client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), 
busFile.toString());
+// Save the Cookie for the second