[cxf] 02/02: Adding OAuth PKCE Digest tests
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.3.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 258584a4ef8a744d088f978ed9c68e3efcf98f40
Author: Colm O hEigeartaigh
AuthorDate: Thu Aug 15 14:25:18 2019 +0100
Adding OAuth PKCE Digest tests
(cherry picked from commit 563b1ec1f5b2186003843d5e686cc764efa00bb3)
---
 .../security/oauth2/common/OAuth2TestUtils.java| 2 +-
 .../security/oauth2/grants/PublicClientTest.java | 123 +
 .../oauth2/grants/grants-server-public.xml | 33 ++
 3 files changed, 157 insertions(+), 1 deletion(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 328211e..a6ddb2c 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -156,7 +156,7 @@ public final class OAuth2TestUtils {
 String code,
 String consumerId,
 String audience) {
-return getAccessTokenWithAuthorizationCode(client, code, "consumer-id", audience, null);
+return getAccessTokenWithAuthorizationCode(client, code, consumerId, audience, null);
 }
 
 public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client,
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 150719b..606aee0 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
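Review bot: The four-argument `getAccessTokenWithAuthorizationCode` overload in OAuth2TestUtils.java carries no comment stating which client id it sends or that it passes `null` as the final argument, so its contract has to be read off the delegate call. A one-line Javadoc such as `/** Exchanges the code as client {@code consumerId}; no PKCE code verifier is sent. */` would pin that down; the final argument looks like the code verifier, judging by the five-argument call in PublicClientTest. Because `consumerId` was ignored before this change, any existing caller that passed a different client id was in effect exercising `"consumer-id"`, so those call sites (outside this hunk) are worth re-checking, particularly negative tests that expect a rejection. The overload's signature begins above the hunk, and the same hunk appears again in the master copy of this commit further down the page.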
@@ -27,6 +27,8 @@ import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
@@ -196,12 +198,133 @@ public class PublicClientTest extends AbstractBusClientServerTestBase { try { codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32)); OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier); +fail("Failure expected on a different verifier"); +} catch (Exception ex) { +// expected +} +} + +@org.junit.Test +public void testPKCEDigest() throws Exception { +URL busFile = PublicClientTest.class.getResource("publicclient.xml"); + +String address = "https://localhost:"; + JCACHE_PORT + "/services/"; +WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), +"alice", "security", busFile.toString()); +// Save the Cookie for the second request... +WebClient.getConfig(client).getRequestContext().put( +org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + +// Get Authorization Code +AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); +parameters.setConsumerId("consumer-id"); +String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32)); +CodeVerifierTransformer transformer = new DigestCodeVerifier(); +String codeChallenge = transformer.transformCodeVerifier(codeVerifier); +parameters.setCodeChallenge(codeChallenge); +parameters.setCodeChallengeMethod(transformer.getChallengeMethod()); +parameters.setResponseType("code"); +parameters.setPath("authorize/"); + +String location = OAuth2TestUtils.getLocation(client, parameters); +String code = OAuth2TestUtils.getSubstring(location, "code"); +assertNotNull(code); + +// Now get the access token - note services3 doesn't require basic auth +String address2 = "https://localhost:"; + JCACHE_PORT + "/services3/"; +client = WebClient.create(address2, OAuth2TestUtils.setupP
[cxf] 02/02: Adding OAuth PKCE Digest tests
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 563b1ec1f5b2186003843d5e686cc764efa00bb3
Author: Colm O hEigeartaigh
AuthorDate: Thu Aug 15 14:25:18 2019 +0100
Adding OAuth PKCE Digest tests
---
 .../security/oauth2/common/OAuth2TestUtils.java| 2 +-
 .../security/oauth2/grants/PublicClientTest.java | 123 +
 .../oauth2/grants/grants-server-public.xml | 33 ++
 3 files changed, 157 insertions(+), 1 deletion(-)
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
index 328211e..a6ddb2c 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/common/OAuth2TestUtils.java
@@ -156,7 +156,7 @@ public final class OAuth2TestUtils {
 String code,
 String consumerId,
 String audience) {
-return getAccessTokenWithAuthorizationCode(client, code, "consumer-id", audience, null);
+return getAccessTokenWithAuthorizationCode(client, code, consumerId, audience, null);
 }
 
 public static ClientAccessToken getAccessTokenWithAuthorizationCode(WebClient client,
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
index 150719b..606aee0 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java
@@ -27,6 +27,8 @@ import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.DigestCodeVerifier;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
@@ -196,12 +198,133 @@ public class PublicClientTest extends AbstractBusClientServerTestBase { try { codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32)); OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code, "consumer-id", null, codeVerifier); +fail("Failure expected on a different verifier"); +} catch (Exception ex) { +// expected +} +} + +@org.junit.Test +public void testPKCEDigest() throws Exception { +URL busFile = PublicClientTest.class.getResource("publicclient.xml"); + +String address = "https://localhost:"; + JCACHE_PORT + "/services/"; +WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), +"alice", "security", busFile.toString()); +// Save the Cookie for the second request... +WebClient.getConfig(client).getRequestContext().put( +org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE); + +// Get Authorization Code +AuthorizationCodeParameters parameters = new AuthorizationCodeParameters(); +parameters.setConsumerId("consumer-id"); +String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32)); +CodeVerifierTransformer transformer = new DigestCodeVerifier(); +String codeChallenge = transformer.transformCodeVerifier(codeVerifier); +parameters.setCodeChallenge(codeChallenge); +parameters.setCodeChallengeMethod(transformer.getChallengeMethod()); +parameters.setResponseType("code"); +parameters.setPath("authorize/"); + +String location = OAuth2TestUtils.getLocation(client, parameters); +String code = OAuth2TestUtils.getSubstring(location, "code"); +assertNotNull(code); + +// Now get the access token - note services3 doesn't require basic auth +String address2 = "https://localhost:"; + JCACHE_PORT + "/services3/"; +client = WebClient.create(address2, OAuth2TestUtils.setupProviders(), busFile.toString()); +// Save the Cookie for the second reques