|
| 1 | +/** |
| 2 | + * Licensed to the Apache Software Foundation (ASF) under one |
| 3 | + * or more contributor license agreements. See the NOTICE file |
| 4 | + * distributed with this work for additional information |
| 5 | + * regarding copyright ownership. The ASF licenses this file |
| 6 | + * to you under the Apache License, Version 2.0 (the |
| 7 | + * "License"); you may not use this file except in compliance |
| 8 | + * with the License. You may obtain a copy of the License at |
| 9 | + * |
| 10 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | + * |
| 12 | + * Unless required by applicable law or agreed to in writing, |
| 13 | + * software distributed under the License is distributed on an |
| 14 | + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 15 | + * KIND, either express or implied. See the License for the |
| 16 | + * specific language governing permissions and limitations |
| 17 | + * under the License. |
| 18 | + */ |
| 19 | +package org.apache.cxf.rs.security.oidc.rp; |
| 20 | + |
| 21 | +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; |
| 22 | +import org.apache.cxf.rs.security.jose.jwt.JwtToken; |
| 23 | +import org.apache.cxf.rs.security.oauth2.client.Consumer; |
| 24 | +import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; |
| 25 | +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; |
| 26 | +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; |
| 27 | +import org.apache.cxf.rs.security.oidc.utils.OidcUtils; |
| 28 | + |
| 29 | +import org.junit.Test; |
| 30 | + |
| 31 | +import static org.junit.Assert.assertNotNull; |
| 32 | + |
| 33 | +public class IdTokenReaderTest { |
| 34 | + |
| 35 | + @Test |
| 36 | + public void testCodeHashIsOptionalByDefaultForTokenEndpointIdToken() { |
| 37 | + IdTokenReader idTokenReader = new StubIdTokenReader(new JwtToken(new JwtClaims())); |
| 38 | + idTokenReader.setRequireAccessTokenHash(false); |
| 39 | + |
| 40 | + ClientAccessToken accessToken = new ClientAccessToken("Bearer", "access-token"); |
| 41 | + accessToken.getParameters().put(OidcUtils.ID_TOKEN, "id-token"); |
| 42 | + |
| 43 | + assertNotNull(idTokenReader.getIdJwtToken(accessToken, "auth-code", new Consumer("client-id"))); |
| 44 | + } |
| 45 | + |
| 46 | + @Test(expected = OAuthServiceException.class) |
| 47 | + public void testCodeHashIsRequiredByDefaultForHybridTokenEndpointIdToken() { |
| 48 | + IdTokenReader idTokenReader = new StubIdTokenReader(new JwtToken(new JwtClaims())); |
| 49 | + idTokenReader.setRequireAccessTokenHash(false); |
| 50 | + |
| 51 | + ClientAccessToken accessToken = new ClientAccessToken("Bearer", "access-token"); |
| 52 | + accessToken.getParameters().put(OidcUtils.ID_TOKEN, "id-token"); |
| 53 | + accessToken.getParameters().put(OAuthConstants.RESPONSE_TYPE, OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE); |
| 54 | + |
| 55 | + idTokenReader.getIdJwtToken(accessToken, "auth-code", new Consumer("client-id")); |
| 56 | + } |
| 57 | + |
| 58 | + private static final class StubIdTokenReader extends IdTokenReader { |
| 59 | + private final JwtToken jwt; |
| 60 | + |
| 61 | + private StubIdTokenReader(JwtToken jwt) { |
| 62 | + this.jwt = jwt; |
| 63 | + } |
| 64 | + |
| 65 | + @Override |
| 66 | + public JwtToken getIdJwtToken(String idJwtToken, Consumer client) { |
| 67 | + return jwt; |
| 68 | + } |
| 69 | + } |
| 70 | +} |
0 commit comments