From c7cb2e3234c5f669103ab1e41e040f68c0a0e408 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 11 Oct 2023 09:19:58 +0530 Subject: [PATCH 01/25] add test case for persisting newly added DCR attributes --- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 52 +++++++++++++++++++ .../dcrm/api/util/OAuthDCRMConstants.java | 17 ++++++ 2 files changed, 69 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 99e0bfa0a3d..10645efa4f5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java 
@@ -314,4 +314,56 @@ private String getAuthzHeader() { return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); } + @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Create a service provider with " + + "additional OIDC properties") + public void testCreateServiceProviderRequestWithAdditionalParameters() throws IOException { + + HttpPost request = new HttpPost(getPath()); + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + + JSONArray grantTypes = new JSONArray(); + grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); + grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_IMPLICIT); + + JSONArray redirectURI = new JSONArray(); + redirectURI.add(OAuthDCRMConstants.REDIRECT_URI); + + JSONObject obj = new JSONObject(); + obj.put(OAuthDCRMConstants.CLIENT_NAME, OAuthDCRMConstants.APPLICATION_NAME); + obj.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); + obj.put(OAuthDCRMConstants.REDIRECT_URIS, redirectURI); + obj.put(OAuthDCRMConstants.TOKEN_AUTH_METHOD, "private_key_jwt"); + obj.put(OAuthDCRMConstants.TOKEN_AUTH_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.SECTOR_IDENTIFIER_URI, "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001"); + obj.put(OAuthDCRMConstants.ID_TOKEN_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_ALGORITHM, "RSA-OAEP"); + obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_METHOD, "A128GCM"); + obj.put(OAuthDCRMConstants.AUTH_RESPONSE_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHM, "RSA-OAEP"); + obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_METHOD, "A128GCM"); + obj.put(OAuthDCRMConstants.TLS_SUBJECT_DN, "dfrrfc"); + obj.put(OAuthDCRMConstants.IS_SIGNED_REQUEST_OBJECT, true); + 
obj.put(OAuthDCRMConstants.IS_PUSH_AUTH, true); + obj.put(OAuthDCRMConstants.IS_CERTIFICATE_BOUND_ACCESS_TOKEN, true); + obj.put(OAuthDCRMConstants.SUBJECT_TYPE, "pairwise"); + + StringEntity entity = new StringEntity(obj.toJSONString()); + request.setEntity(entity); + + HttpResponse response = client.execute(request); + assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + + "has not been created successfully"); + + BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); + + Object responseObj = JSONValue.parse(rd); + EntityUtils.consume(response.getEntity()); + client_id = ((JSONObject) responseObj).get("client_id").toString(); + + assertNotNull(client_id, "client_id cannot be null"); + + } + } diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java index 2ad8fcbb834..5ab0a5481e4 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java 
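Review bot: The `sector_identifier_uri` value in `testCreateServiceProviderRequestWithAdditionalParameters` points at a third-party mock host (`https://mocki.io/v1/...`), so the integration run depends on content the project does not control. If the server dereferences that URI to check the redirect URIs for `pairwise` subjects, as OIDC registration describes, the result changes whenever the host is unreachable or its document is edited, and CI makes outbound calls to it. Serving the document from a local stub started by the test would keep the check hermetic. The same literal is repeated in `testUpdateServiceProviderRequestWithAdditionalParameters`, added later in this series.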
@@ -46,6 +46,23 @@ public class OAuthDCRMConstants { public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code"; public static final String GRANT_TYPE_PASSWORD = "password"; + public static final String TOKEN_AUTH_METHOD = "token_endpoint_auth_method"; + public static final String TOKEN_AUTH_SIGNATURE_ALGORITHM = "token_endpoint_auth_signing_alg"; + public static final String SECTOR_IDENTIFIER_URI = "sector_identifier_uri"; + public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "id_token_signed_response_alg"; + public static final String ID_TOKEN_ENCRYPTION_ALGORITHM = "id_token_encrypted_response_alg"; + public static final String ID_TOKEN_ENCRYPTION_METHOD = "id_token_encrypted_response_enc"; + public static final String AUTH_RESPONSE_SIGNATURE_ALGORITHM = "authorization_signed_response_alg"; + public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "request_object_signing_alg"; + public static final String TLS_SUBJECT_DN = "tls_client_auth_subject_dn"; + public static final String IS_PUSH_AUTH = "require_pushed_authorization_requests"; + public static final String IS_SIGNED_REQUEST_OBJECT = "require_signed_request_object"; + public static final String IS_CERTIFICATE_BOUND_ACCESS_TOKEN = "tls_client_certificate_bound_access_tokens"; + public static final String SUBJECT_TYPE = "subject_type"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "request_object_encryption_alg"; + public static final String REQUEST_OBJECT_ENCRYPTION_METHOD = "request_object_encryption_enc"; + + } From 685d9adf6766e458038b6dddc7512916cab370ee Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 11 Oct 2023 15:40:34 +0530 Subject: [PATCH 02/25] change test case priority --- .../integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 10645efa4f5..4f42b680770 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -314,7 +314,7 @@ private String getAuthzHeader() { return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); } - @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Create a service provider with " + + @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + "additional OIDC properties") public void testCreateServiceProviderRequestWithAdditionalParameters() throws IOException { @@ -363,7 +363,7 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO client_id = ((JSONObject) responseObj).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); - + testDeleteServiceProvider(); } } From ea7c445592b207f9eed908697d8514db69dd59fa Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Fri, 13 Oct 2023 13:27:09 +0530 Subject: [PATCH 03/25] refactor tests --- .../integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 4f42b680770..cbd6709a05a 100644 
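Review bot: The `testDeleteServiceProvider();` call appended to `testCreateServiceProviderRequestWithAdditionalParameters` runs only when every assertion before it passes, so a failing run leaves the registered client on the server for the tests that follow. If `testDeleteServiceProvider` is itself a `@Test`, as its name suggests, calling it directly also ties the two results together. Cleanup is safer in an `@AfterMethod`/`@AfterClass` method or in a `try { ... } finally { testDeleteServiceProvider(); }` around the test body. The method body starts outside this hunk.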
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -330,7 +330,7 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO redirectURI.add(OAuthDCRMConstants.REDIRECT_URI); JSONObject obj = new JSONObject(); - obj.put(OAuthDCRMConstants.CLIENT_NAME, OAuthDCRMConstants.APPLICATION_NAME); + obj.put(OAuthDCRMConstants.CLIENT_NAME, "DCR_1"); obj.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); obj.put(OAuthDCRMConstants.REDIRECT_URIS, redirectURI); obj.put(OAuthDCRMConstants.TOKEN_AUTH_METHOD, "private_key_jwt"); From ca0088c9d9ba4f05f26b58185ece2c14441eccc6 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Sat, 14 Oct 2023 10:35:14 +0530 Subject: [PATCH 04/25] refactor tests --- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 33 +++++++++++++++---- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index cbd6709a05a..322b5670503 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -17,6 +17,7 @@ */ package org.wso2.identity.integration.test.oauth2.dcrm.api; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.commons.codec.binary.Base64; import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; 
@@ -314,6 +315,14 @@ private String getAuthzHeader() { return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); } + private JSONObject getPayload(HttpResponse response) throws IOException { + + BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); + Object responseObj = JSONValue.parse(rd); + EntityUtils.consume(response.getEntity()); + return (JSONObject) responseObj; + } + @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + "additional OIDC properties") public void testCreateServiceProviderRequestWithAdditionalParameters() throws IOException { @@ -339,7 +348,6 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO obj.put(OAuthDCRMConstants.ID_TOKEN_SIGNATURE_ALGORITHM, "PS256"); obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_ALGORITHM, "RSA-OAEP"); obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_METHOD, "A128GCM"); - obj.put(OAuthDCRMConstants.AUTH_RESPONSE_SIGNATURE_ALGORITHM, "PS256"); obj.put(OAuthDCRMConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHM, "PS256"); obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHM, "RSA-OAEP"); obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_METHOD, "A128GCM"); @@ -348,6 +356,7 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO obj.put(OAuthDCRMConstants.IS_PUSH_AUTH, true); obj.put(OAuthDCRMConstants.IS_CERTIFICATE_BOUND_ACCESS_TOKEN, true); obj.put(OAuthDCRMConstants.SUBJECT_TYPE, "pairwise"); + obj.put(OAuthDCRMConstants.JWKS_URI, "https://localhost:9443/oauth2/jwks"); StringEntity entity = new StringEntity(obj.toJSONString()); request.setEntity(entity); 
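Review bot: `getPayload` builds its `InputStreamReader` without a charset and never closes the reader, so the response body is decoded with the platform default. Suggest `new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8)` inside a try-with-resources. `JSONValue.parse` returns `null` for a body it cannot parse, so callers fail later with a `NullPointerException` instead of a clear message; an `assertNotNull` on the parsed object would make that visible. The helper also has no Javadoc; one line such as `/** Parses the response body as a JSON object and consumes the entity. */` would do.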
@@ -356,13 +365,25 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + "has not been created successfully"); - BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); + JSONObject createResponsePayload = getPayload(response); + client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); + assertNotNull(client_id, "client_id cannot be null"); - Object responseObj = JSONValue.parse(rd); - EntityUtils.consume(response.getEntity()); - client_id = ((JSONObject) responseObj).get("client_id").toString(); + HttpGet getRequest = new HttpGet(getPath() + client_id); + getRequest.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - assertNotNull(client_id, "client_id cannot be null"); + HttpResponse getResponse = client.execute(getRequest); + assertEquals(getResponse.getStatusLine().getStatusCode(), 200, "Service provider request " + + "has not returned with successful response"); + + JSONObject getResponsePayload = getPayload(getResponse); + getResponsePayload.remove("client_id"); + getResponsePayload.remove("client_secret"); + getResponsePayload.remove("client_secret_expires_at"); + ObjectMapper mapper = new ObjectMapper(); + assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), + "Response payload should be equal."); testDeleteServiceProvider(); } From eb36ea470458afece4f7c7fb1b8a67e5564a95b7 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Sun, 15 Oct 2023 23:42:51 +0530 Subject: [PATCH 05/25] add update test case --- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 66 ++++++++++++++++++- 1 file changed, 63 insertions(+), 3 deletions(-) 
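Review bot: `assertNotNull(client_id, "client_id cannot be null")` can never fail, because `.get("client_id").toString()` on the line before it throws a `NullPointerException` when the field is absent. Assert on the raw value first, e.g. `Object id = createResponsePayload.get("client_id"); assertNotNull(id, "client_id cannot be null");`, and then assign `client_id = id.toString();`. The `(JSONObject)` cast on `createResponsePayload` is redundant now that `getPayload` returns `JSONObject`. The same pattern appears in the update test added by the next patch in the series.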
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 322b5670503..1d12ce0a8c1 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -25,6 +25,7 @@ import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpPut; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.HttpClients; import org.apache.http.util.EntityUtils; 
@@ -360,15 +361,21 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO StringEntity entity = new StringEntity(obj.toJSONString()); request.setEntity(entity); + ObjectMapper mapper = new ObjectMapper(); HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + "has not been created successfully"); - JSONObject createResponsePayload = getPayload(response); client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); + createResponsePayload.remove("client_id"); + createResponsePayload.remove("client_secret"); + createResponsePayload.remove("client_secret_expires_at"); + assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), + "Response payload should be equal."); + HttpGet getRequest = new HttpGet(getPath() + client_id); getRequest.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); 
@@ -381,10 +388,63 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO getResponsePayload.remove("client_id"); getResponsePayload.remove("client_secret"); getResponsePayload.remove("client_secret_expires_at"); - ObjectMapper mapper = new ObjectMapper(); + assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), "Response payload should be equal."); - testDeleteServiceProvider(); } + + @Test(alwaysRun = true, groups = "wso2.is", priority = 10, description = "Create a service provider with " + + "additional OIDC properties") + public void testUpdateServiceProviderRequestWithAdditionalParameters() throws IOException { + + HttpPut request = new HttpPut(getPath() + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + + JSONArray grantTypes = new JSONArray(); + grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); + grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_IMPLICIT); + + JSONArray redirectURI = new JSONArray(); + redirectURI.add(OAuthDCRMConstants.REDIRECT_URI); + + JSONObject obj = new JSONObject(); + obj.put(OAuthDCRMConstants.CLIENT_NAME, "DCR_1"); + obj.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); + obj.put(OAuthDCRMConstants.REDIRECT_URIS, redirectURI); + obj.put(OAuthDCRMConstants.TOKEN_AUTH_METHOD, "tls_client_auth"); + obj.put(OAuthDCRMConstants.TOKEN_AUTH_SIGNATURE_ALGORITHM, "ES256"); + obj.put(OAuthDCRMConstants.SECTOR_IDENTIFIER_URI, "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001"); + obj.put(OAuthDCRMConstants.ID_TOKEN_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_ALGORITHM, "RSA-OAEP"); + obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_METHOD, "A128GCM"); + obj.put(OAuthDCRMConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHM, "PS256"); + obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHM, "RSA-OAEP"); + 
obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_METHOD, "A128GCM"); + obj.put(OAuthDCRMConstants.TLS_SUBJECT_DN, "dfrrfc"); + obj.put(OAuthDCRMConstants.IS_SIGNED_REQUEST_OBJECT, true); + obj.put(OAuthDCRMConstants.IS_PUSH_AUTH, true); + obj.put(OAuthDCRMConstants.IS_CERTIFICATE_BOUND_ACCESS_TOKEN, true); + obj.put(OAuthDCRMConstants.SUBJECT_TYPE, "pairwise"); + obj.put(OAuthDCRMConstants.JWKS_URI, "https://localhost:9443/oauth2/jwks"); + + StringEntity entity = new StringEntity(obj.toJSONString()); + request.setEntity(entity); + ObjectMapper mapper = new ObjectMapper(); + + HttpResponse response = client.execute(request); + assertEquals(response.getStatusLine().getStatusCode(), 200, "Service Provider " + + "has not been created successfully"); + JSONObject updateResponsePayload = getPayload(response); + client_id = ((JSONObject) updateResponsePayload).get("client_id").toString(); + assertNotNull(client_id, "client_id cannot be null"); + updateResponsePayload.remove("client_id"); + updateResponsePayload.remove("client_secret"); + updateResponsePayload.remove("client_secret_expires_at"); + assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), + "Response payload should be equal."); + + testDeleteServiceProvider(); + } } From a4dba8fe1d2f250ad80a84ee46f6f67c8febbc2e Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 16 Oct 2023 11:13:58 +0530 Subject: [PATCH 06/25] refactored code --- .../test/oauth2/dcrm/api/util/OAuthDCRMConstants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java index 5ab0a5481e4..e603e887cde 100644 
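Review bot: `testUpdateServiceProviderRequestWithAdditionalParameters` takes `client_id` from a field set by the create test and is ordered only by `priority = 10` with `alwaysRun = true`, so when the create test fails the PUT is sent to `getPath() + client_id` with a stale or null id. Declaring `dependsOnMethods = "testCreateServiceProviderRequestWithAdditionalParameters"` and dropping `alwaysRun` would make TestNG skip it instead. The `description` and the failure message `"has not been created successfully"` are copied from the create test and should describe an update.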
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java @@ -52,7 +52,6 @@ public class OAuthDCRMConstants { public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "id_token_signed_response_alg"; public static final String ID_TOKEN_ENCRYPTION_ALGORITHM = "id_token_encrypted_response_alg"; public static final String ID_TOKEN_ENCRYPTION_METHOD = "id_token_encrypted_response_enc"; - public static final String AUTH_RESPONSE_SIGNATURE_ALGORITHM = "authorization_signed_response_alg"; public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "request_object_signing_alg"; public static final String TLS_SUBJECT_DN = "tls_client_auth_subject_dn"; public static final String IS_PUSH_AUTH = "require_pushed_authorization_requests"; @@ -61,6 +60,7 @@ public class OAuthDCRMConstants { public static final String SUBJECT_TYPE = "subject_type"; public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "request_object_encryption_alg"; public static final String REQUEST_OBJECT_ENCRYPTION_METHOD = "request_object_encryption_enc"; + public static final String JWKS_URI = "jwks_uri"; From 63497ce855a1eddcf7df507b20547bcc094ba360 Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Thu, 19 Oct 2023 08:41:36 +0530 Subject: [PATCH 07/25] add fapi validations for dcr tests (cherry picked from commit 2bc038581e9dd27d6e73f1ebccbef428af005d5a) --- .../tests-integration/tests-backend/pom.xml | 6 + .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 206 +++++++++++------- .../IS/oauth/dcr-fapi-validation-enabled.toml | 34 +++ .../registration-requests/request1.json | 27 +++ .../registration-requests/request2.json | 27 +++ .../registration-requests/request3.json | 27 +++ .../registration-requests/request4.json | 26 +++ .../registration-requests/request5.json | 27 +++ .../registration-requests/request6.json | 27 +++ .../registration-requests/request7.json | 27 +++ .../scenarios/sso/test/dcr/DCRTestCase.java | 6 +- .../registration-requests/request3.json | 27 +++ .../resources/update-requests/request3.json | 27 +++ 13 files changed, 417 insertions(+), 77 deletions(-) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json create mode 100644 
product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json create mode 100644 product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json diff --git a/modules/integration/tests-integration/tests-backend/pom.xml b/modules/integration/tests-integration/tests-backend/pom.xml index b14efccdec1..89af852d975 100644 --- a/modules/integration/tests-integration/tests-backend/pom.xml +++ b/modules/integration/tests-integration/tests-backend/pom.xml @@ -98,6 +98,12 @@ usedefaultlisteners false + + registration.requests.location + + ${basedir}/src/test/resources/registration-requests/ + + ${basedir}/target/security-verifier/ ${basedir}/target/emma ${basedir}/src/test/resources/instrumentation.txt diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 1d12ce0a8c1..50573cbd31a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java 
@@ -32,19 +32,19 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; import org.json.simple.JSONValue; -import org.testng.annotations.AfterClass; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.DataProvider; -import org.testng.annotations.Factory; -import org.testng.annotations.Test; +import org.json.simple.parser.JSONParser; +import org.testng.annotations.*; import org.wso2.carbon.automation.engine.context.AutomationContext; import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; import org.wso2.identity.integration.common.utils.ISIntegrationTest; import org.wso2.identity.integration.test.oauth2.dcrm.api.util.OAuthDCRMConstants; +import org.wso2.identity.integration.test.util.Utils; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; +import java.io.*; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; @@ -61,6 +61,9 @@ public class OAuthDCRMTestCase extends ISIntegrationTest { private String username; private String password; private String tenant; + private static JSONParser parser = new JSONParser(); + private static final String REGISTER_REQUESTS_LOCATION = "registration.requests.location"; + private ServerConfigurationManager serverConfigurationManager; @Factory(dataProvider = "dcrmConfigProvider") public OAuthDCRMTestCase(TestUserMode userMode) throws Exception { 
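Review bot: The explicit imports are replaced by `org.testng.annotations.*` and `java.io.*`, which hides the annotations and I/O classes the test actually uses and lets name clashes slip in unnoticed. Keep the single-type imports and add only the new ones (`java.io.File`, `java.io.FileNotFoundException`, `java.io.FileReader`).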
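Review bot: `private static JSONParser parser = new JSONParser();` is a mutable, non-final static shared by every instance the `@Factory` creates, and json-simple's parser keeps parse state between calls. Creating it locally where it is used (`new JSONParser().parse(reader)`) avoids the shared state; at minimum declare it `private static final`.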
@@ -77,11 +80,96 @@ public static Object[][] dcrmConfigProvider() { return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}}; } + @DataProvider(name = "dcrConfigProvider") + private static Object[][] dcrConfigProvider() throws Exception { + + String INVALID_CLIENT_METADATA = "invalid_client_metadata"; + String INVALID_SOFTWARE_STATEMENT = "invalid_software_statement"; + return new Object[][]{ + { + getRegisterRequestJSON("request1.json"), INVALID_CLIENT_METADATA, + "Invalid token endpoint authentication method requested." + }, + { + getRegisterRequestJSON("request2.json"), INVALID_CLIENT_METADATA, + "Invalid signature algorithm requested" + }, + { + getRegisterRequestJSON("request3.json"), INVALID_CLIENT_METADATA, + "Invalid encryption algorithm requested" + }, + { + getRegisterRequestJSON("request4.json"), INVALID_CLIENT_METADATA, + "Sector identifier URI is needed for PPID calculation" + }, + { + getRegisterRequestJSON("request5.json"), INVALID_CLIENT_METADATA, + "Redirect URI missing in sector identifier URI set" + } + /*{ + getRegisterRequestJSON("request3.json"), INVALID_SOFTWARE_STATEMENT, + "Signature validation failed for the software statement" + }*/ + }; + } + @BeforeClass(alwaysRun = true) public void testInit() throws Exception { super.init(); client = HttpClients.createDefault(); + changeISConfiguration(); + } + + @AfterClass(alwaysRun = true) + public void restoreConfiguration() throws Exception { + resetISConfiguration(); + } + + private void changeISConfiguration() throws Exception { + + log.info("Adding entity id of SSOService to deployment.toml file"); + String carbonHome = Utils.getResidentCarbonHome(); + File defaultConfigFile = getDeploymentTomlFile(carbonHome); + File configuredIdentityXML = new File(getISResourceLocation() + File.separator + "oauth" + + File.separator + "dcr-fapi-validation-enabled.toml"); + serverConfigurationManager = new ServerConfigurationManager(isServer); + 
serverConfigurationManager.applyConfigurationWithoutRestart(configuredIdentityXML, defaultConfigFile, true); + serverConfigurationManager.restartGracefully(); + } + + private void resetISConfiguration() throws Exception { + + log.info("Replacing identity.xml with default configurations"); + serverConfigurationManager.restoreToLastConfiguration(false); + } + + /** + * Get register request JSON object. + * + * @param fileName File name. + * @return Register request JSON object. + * @throws Exception Exception. + */ + private static JSONObject getRegisterRequestJSON(String fileName) throws Exception { + + return (JSONObject) parser.parse(new FileReader(getFilePath(REGISTER_REQUESTS_LOCATION, fileName))); + } + /** + * Get file path. + * + * @param folderPath Folder path. + * @param fileName File name. + * @return File path. + * @throws Exception Exception. + */ + private static String getFilePath(String folderPath, String fileName) throws Exception { + + Path path = Paths.get(System.getProperty(folderPath) + fileName); + if (!Files.exists(path)) { + throw new FileNotFoundException("Failed to find file: " + path.toString()); + } + return path.toString(); } @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Create a service provider successfully") 
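Review bot: `resetISConfiguration` calls `restoreToLastConfiguration(false)`; if that flag means "restart required", the original `deployment.toml` is put back on disk but the running server keeps the FAPI-validation settings for every test class that runs afterwards. Restore with a restart, or restart explicitly, in the `@AfterClass` method so later tests see the default configuration. The log lines "Adding entity id of SSOService to deployment.toml file" and "Replacing identity.xml with default configurations", and the variable name `configuredIdentityXML`, describe a different change and should be reworded. `getRegisterRequestJSON` also opens a `FileReader` that is never closed and uses the platform charset; a try-with-resources over `Files.newBufferedReader(path, StandardCharsets.UTF_8)` would fix both.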
@@ -324,42 +412,16 @@ private JSONObject getPayload(HttpResponse response) throws IOException { return (JSONObject) responseObj; } - @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + + @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + "additional OIDC properties") - public void testCreateServiceProviderRequestWithAdditionalParameters() throws IOException { + public void testCreateServiceProviderRequestWithAdditionalParameters() throws Exception { HttpPost request = new HttpPost(getPath()); + JSONObject registerRequestJSON = getRegisterRequestJSON("request6.json"); + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - - JSONArray grantTypes = new JSONArray(); - grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); - grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_IMPLICIT); - - JSONArray redirectURI = new JSONArray(); - redirectURI.add(OAuthDCRMConstants.REDIRECT_URI); - - JSONObject obj = new JSONObject(); - obj.put(OAuthDCRMConstants.CLIENT_NAME, "DCR_1"); - obj.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); - obj.put(OAuthDCRMConstants.REDIRECT_URIS, redirectURI); - obj.put(OAuthDCRMConstants.TOKEN_AUTH_METHOD, "private_key_jwt"); - obj.put(OAuthDCRMConstants.TOKEN_AUTH_SIGNATURE_ALGORITHM, "PS256"); - obj.put(OAuthDCRMConstants.SECTOR_IDENTIFIER_URI, "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001"); - obj.put(OAuthDCRMConstants.ID_TOKEN_SIGNATURE_ALGORITHM, "PS256"); - obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_ALGORITHM, "RSA-OAEP"); - obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_METHOD, "A128GCM"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHM, "PS256"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHM, "RSA-OAEP"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_METHOD, "A128GCM"); - 
obj.put(OAuthDCRMConstants.TLS_SUBJECT_DN, "dfrrfc"); - obj.put(OAuthDCRMConstants.IS_SIGNED_REQUEST_OBJECT, true); - obj.put(OAuthDCRMConstants.IS_PUSH_AUTH, true); - obj.put(OAuthDCRMConstants.IS_CERTIFICATE_BOUND_ACCESS_TOKEN, true); - obj.put(OAuthDCRMConstants.SUBJECT_TYPE, "pairwise"); - obj.put(OAuthDCRMConstants.JWKS_URI, "https://localhost:9443/oauth2/jwks"); - - StringEntity entity = new StringEntity(obj.toJSONString()); + StringEntity entity = new StringEntity(registerRequestJSON.toJSONString()); request.setEntity(entity); ObjectMapper mapper = new ObjectMapper(); @@ -373,8 +435,8 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO createResponsePayload.remove("client_id"); createResponsePayload.remove("client_secret"); createResponsePayload.remove("client_secret_expires_at"); - assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), - "Response payload should be equal."); + assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree( + registerRequestJSON.toJSONString()), "Response payload should be equal."); HttpGet getRequest = new HttpGet(getPath() + client_id); getRequest.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); 
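Review bot: `new StringEntity(registerRequestJSON.toJSONString())` sends the file-loaded body in the entity's default charset, which HttpClient 4.x sets to ISO-8859-1, so any non-ASCII value in `request6.json` would reach the server altered while the later `assertEquals` compares against the unaltered JSON. Pass the charset explicitly, e.g. `new StringEntity(registerRequestJSON.toJSONString(), StandardCharsets.UTF_8)`. The test body continues outside this hunk.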
@@ -389,47 +451,22 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws IO getResponsePayload.remove("client_secret"); getResponsePayload.remove("client_secret_expires_at"); - assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), - "Response payload should be equal."); + registerRequestJSON.remove("software_statement"); + getResponsePayload.remove("software_statement"); + assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree( + registerRequestJSON.toJSONString()), "Response payload should be equal."); } - @Test(alwaysRun = true, groups = "wso2.is", priority = 10, description = "Create a service provider with " + "additional OIDC properties") - public void testUpdateServiceProviderRequestWithAdditionalParameters() throws IOException { + public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Exception { HttpPut request = new HttpPut(getPath() + client_id); request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + JSONObject updateRequestPayload = getRegisterRequestJSON("request7.json"); - JSONArray grantTypes = new JSONArray(); - grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); - grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_IMPLICIT); - - JSONArray redirectURI = new JSONArray(); - redirectURI.add(OAuthDCRMConstants.REDIRECT_URI); - - JSONObject obj = new JSONObject(); - obj.put(OAuthDCRMConstants.CLIENT_NAME, "DCR_1"); - obj.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); - obj.put(OAuthDCRMConstants.REDIRECT_URIS, redirectURI); - obj.put(OAuthDCRMConstants.TOKEN_AUTH_METHOD, "tls_client_auth"); - obj.put(OAuthDCRMConstants.TOKEN_AUTH_SIGNATURE_ALGORITHM, "ES256"); - obj.put(OAuthDCRMConstants.SECTOR_IDENTIFIER_URI, "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001"); - obj.put(OAuthDCRMConstants.ID_TOKEN_SIGNATURE_ALGORITHM, 
"PS256"); - obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_ALGORITHM, "RSA-OAEP"); - obj.put(OAuthDCRMConstants.ID_TOKEN_ENCRYPTION_METHOD, "A128GCM"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHM, "PS256"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHM, "RSA-OAEP"); - obj.put(OAuthDCRMConstants.REQUEST_OBJECT_ENCRYPTION_METHOD, "A128GCM"); - obj.put(OAuthDCRMConstants.TLS_SUBJECT_DN, "dfrrfc"); - obj.put(OAuthDCRMConstants.IS_SIGNED_REQUEST_OBJECT, true); - obj.put(OAuthDCRMConstants.IS_PUSH_AUTH, true); - obj.put(OAuthDCRMConstants.IS_CERTIFICATE_BOUND_ACCESS_TOKEN, true); - obj.put(OAuthDCRMConstants.SUBJECT_TYPE, "pairwise"); - obj.put(OAuthDCRMConstants.JWKS_URI, "https://localhost:9443/oauth2/jwks"); - - StringEntity entity = new StringEntity(obj.toJSONString()); + StringEntity entity = new StringEntity(updateRequestPayload.toJSONString()); request.setEntity(entity); ObjectMapper mapper = new ObjectMapper(); 
@@ -442,9 +479,28 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws IO updateResponsePayload.remove("client_id"); updateResponsePayload.remove("client_secret"); updateResponsePayload.remove("client_secret_expires_at"); - assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), mapper.readTree(obj.toJSONString()), + assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), + mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); + } - testDeleteServiceProvider(); + @Test(alwaysRun = true, groups = "wso2.is", priority = 11, + description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") + public void validateErrorScenarios(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { + + HttpPost request = new HttpPost(getPath()); + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + StringEntity entity = new StringEntity(requestJSON.toJSONString()); + request.setEntity(entity); + HttpResponse response = client.execute(request); + + assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + + "has not been created successfully"); + JSONObject errorResponse = getPayload(response); + assertEquals(errorResponse.get("error"), errorCode); + assertEquals(errorResponse.get("error_description"), errorMessage); + + // resetISConfiguration(); } } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml new file mode 100644 index 00000000000..ec09ceffd12 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml 
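Review bot: The failure message on the status assertion in `validateErrorScenarios` reads "Service Provider has not been created successfully", but the assertion expects 400, so a failing run reports the opposite of what went wrong. Suggest `"Registration request should have been rejected with 400 Bad Request"`. The two `assertEquals` calls on `error` and `error_description` carry no message; passing the fixture's `client_name` there would identify which data-provider row failed. A short Javadoc naming the server configuration this test relies on would also help, since the hunk does not show where the FAPI, sector-identifier and SSA validations are switched on.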
@@ -0,0 +1,34 @@
+[server]
+hostname = "localhost"
+node_ip = "127.0.0.1"
+base_path = "https://$ref{server.hostname}:${carbon.management.port}"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.identity_db]
+driver = "$env{IDENTITY_DATABASE_DRIVER}"
+url = "$env{IDENTITY_DATABASE_URL}"
+username = "$env{IDENTITY_DATABASE_USERNAME}"
+password = "$env{IDENTITY_DATABASE_PASSWORD}"
+
+[database.shared_db]
+driver = "$env{SHARED_DATABASE_DRIVER}"
+url = "$env{SHARED_DATABASE_URL}"
+username = "$env{SHARED_DATABASE_USERNAME}"
+password = "$env{SHARED_DATABASE_PASSWORD}"
+
+[keystore.primary]
+file_name = "wso2carbon.jks"
+password = "wso2carbon"
+
+[oauth]
+dcr.enable_sector_identifier_validation=true
+dcr.ssa_jkws="https://localhost:9853/oauth2/jwks"
+dcr.enable_fapi_enforcement=true
+oidc.fapi.enable_validation=true
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json
new file mode 100644
index 00000000000..0457ce415a9
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json
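Review bot: `[super_admin]` and `[keystore.primary]` in this new file carry literal default passwords (`password = "admin"`, `password = "wso2carbon"`), while the two database sections read theirs from `$env{...}`. That may be intended for a test artifact, but nothing in the file marks it as test-only, and the four `[oauth]` toggles are undocumented. Suggest a header comment such as `# Integration-test deployment config: default admin and keystore passwords, not for use outside the test server` and, above `[oauth]`, `# Turns on DCR sector-identifier, SSA and FAPI validation for the DCR error-scenario tests` (to be confirmed against the test that loads this file).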
@@ -0,0 +1,27 @@
+{
+ "redirect_uris": [
+ "https://abc/redirect1",
+ "https://abc/redirect2"
+ ],
+ "client_name": "TestsTokenAuthInvalid",
+
+ "grant_types": [
+ "client_credentials"
+ ],
+ "jwks_uri": "https://localhost/jwks",
+ "backchannel_logout_uri": "https://www.google.com",
+ "backchannel_logout_session_required": true,
+ "token_endpoint_auth_method": "client_secret",
+ "token_endpoint_auth_signing_alg" : "PS256",
+ "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
+ "id_token_signed_response_alg" : "PS256",
+ "id_token_encrypted_response_alg" : "RSA-OAEP",
+ "id_token_encrypted_response_enc" : "A128GCM",
+ "request_object_signing_alg" : "ES256",
+ "tls_client_auth_subject_dn" : "dfrrfc",
+ "require_signed_request_object" : true,
+ "require_pushed_authorization_requests" : true,
+ "subject_type" : "pairwise",
+ "request_object_encryption_alg" : "RSA-OAEP",
+ "request_object_encryption_enc" : "A128GCM"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json
new file mode 100644
index 00000000000..75df446fa47
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json
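Review bot: `sector_identifier_uri` points at a third-party host (`https://mocki.io/v1/...`), and the accompanying `dcr-fapi-validation-enabled.toml` sets `dcr.enable_sector_identifier_validation=true`, so the server under test presumably fetches that URL during registration. The outcome of these cases then depends on outbound network access from the build environment and on content the project does not control; the same value appears in request2.json, request3.json, request5.json, request6.json, request7.json and request8.json. Serving the redirect-URI list from a stub started by the test and using its address here, e.g. `"sector_identifier_uri" : "https://localhost:<stub-port>/<stub-path>"` (placeholder), would make the sector-identifier checks deterministic.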
@@ -0,0 +1,27 @@
+{
+ "redirect_uris": [
+ "https://abc/redirect1",
+ "https://abc/redirect2"
+ ],
+ "client_name": "TestsSignatureAlgoInvalid",
+
+ "grant_types": [
+ "client_credentials"
+ ],
+ "jwks_uri": "https://localhost/jwks",
+ "backchannel_logout_uri": "https://www.google.com",
+ "backchannel_logout_session_required": true,
+ "token_endpoint_auth_method": "tls_client_auth",
+ "token_endpoint_auth_signing_alg" : "PS256",
+ "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
+ "id_token_signed_response_alg" : "RS256",
+ "id_token_encrypted_response_alg" : "RSA-OAEP",
+ "id_token_encrypted_response_enc" : "A128GCM",
+ "request_object_signing_alg" : "ES256",
+ "tls_client_auth_subject_dn" : "dfrrfc",
+ "require_signed_request_object" : true,
+ "require_pushed_authorization_requests" : true,
+ "subject_type" : "pairwise",
+ "request_object_encryption_alg" : "RSA-OAEP",
+ "request_object_encryption_enc" : "A128GCM"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json
new file mode 100644
index 00000000000..e3dc6119a83
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json
@@ -0,0 +1,27 @@
+{
+ "redirect_uris": [
+ "https://abc/redirect1",
+ "https://abc/redirect2"
+ ],
+ "client_name": "TestsInvalidEncryption",
+
+ "grant_types": [
+ "client_credentials"
+ ],
+ "jwks_uri": "https://localhost/jwks",
+ "backchannel_logout_uri": "https://www.google.com",
+ "backchannel_logout_session_required": true,
+ "token_endpoint_auth_method": "tls_client_auth",
+ "token_endpoint_auth_signing_alg" : "PS256",
+ "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
+ "id_token_signed_response_alg" : "PS256",
+ "id_token_encrypted_response_alg" : "RSA1_5",
+ "id_token_encrypted_response_enc" : "A128GCM",
+ "request_object_signing_alg" : "ES256",
+ "tls_client_auth_subject_dn" : "dfrrfc",
+ "require_signed_request_object" : true,
+ "require_pushed_authorization_requests" : true,
+ "subject_type" : "pairwise",
+ "request_object_encryption_alg" : "RSA-OAEP",
+ "request_object_encryption_enc" : "A128GCM"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json
new file mode 100644
index 00000000000..fad79e1ec0a
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json
@@ -0,0 +1,26 @@
+{
+ "redirect_uris": [
+ "https://abc/redirect1",
+ "https://abcd/redirect2"
+ ],
+ "client_name": "TestsSSAInvalid",
+
+ "grant_types": [
+ "client_credentials"
+ ],
+ "jwks_uri": "https://localhost/jwks",
+ "backchannel_logout_uri": "https://www.google.com",
+ "backchannel_logout_session_required": true,
+ "token_endpoint_auth_method": "tls_client_auth",
+ "token_endpoint_auth_signing_alg" : "PS256",
+ "id_token_signed_response_alg" : "PS256",
+ "id_token_encrypted_response_alg" : "RSA-OAEP",
+ "id_token_encrypted_response_enc" : "A128GCM",
+ "request_object_signing_alg" : "ES256",
+ "tls_client_auth_subject_dn" : "dfrrfc",
+ "require_signed_request_object" : true,
+ "require_pushed_authorization_requests" : true,
+ "subject_type" : "pairwise",
+ "request_object_encryption_alg" : "RSA-OAEP",
+ "request_object_encryption_enc" : "A128GCM"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json
new file mode 100644
index 00000000000..45fb8942ee1
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json
@@ -0,0 +1,27 @@
+{
+ "redirect_uris": [
+ "https://abc/redirect1",
+ "https://abc/redirect"
+ ],
+ "client_name": "TestsSSAInvalid",
+
+ "grant_types": [
+ "client_credentials"
+ ],
+ "jwks_uri": "https://localhost/jwks",
+ "backchannel_logout_uri": "https://www.google.com",
+ "backchannel_logout_session_required": true,
+ "token_endpoint_auth_method": "tls_client_auth",
+ "token_endpoint_auth_signing_alg" : "PS256",
+ "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
+ "id_token_signed_response_alg" : "PS256",
+ "id_token_encrypted_response_alg" : "RSA-OAEP",
+ "id_token_encrypted_response_enc" : "A128GCM",
+ "request_object_signing_alg" : "ES256",
+ "tls_client_auth_subject_dn" : "dfrrfc",
+ "require_signed_request_object" : true,
+ "require_pushed_authorization_requests" : true,
+ "subject_type" : "pairwise",
+ "request_object_encryption_alg" : "RSA-OAEP",
+ "request_object_encryption_enc" : "A128GCM"
+}
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json
new file mode 100644
index 00000000000..ff285d062c4
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json
@@ -0,0 +1,27 @@ +{ + "redirect_uris": [ + "https://abc/redirect1" + ], + "client_name": "TestAdditionalProperties", + + "grant_types": [ + "authorization_code", + "implicit" + ], + "jwks_uri": "https://localhost/jwks", + "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjU2IiwidHlwIjoiSldUIn0.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.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", + "token_endpoint_auth_method": "private_key_jwt", + "token_endpoint_auth_signing_alg" : "PS256", + "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "id_token_signed_response_alg" : "PS256", + "id_token_encrypted_response_alg" : "RSA-OAEP", + "id_token_encrypted_response_enc" : "A128GCM", + "request_object_signing_alg" : "ES256", + "tls_client_auth_subject_dn" : "dfrrfc", + "require_signed_request_object" : true, + "require_pushed_authorization_requests" : true, + "subject_type" : "pairwise", + "request_object_encryption_alg" : "RSA-OAEP", + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens":true +} \ No newline at end of file diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json new file mode 100644 index 00000000000..836990438c6 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json 
@@ -0,0 +1,27 @@ +{ + "redirect_uris": [ + "https://abc/redirect1" + ], + "client_name": "TestAdditionalProperties", + + "grant_types": [ + "authorization_code", + "implicit" + ], + "jwks_uri": "https://localhost/jwks", + "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjU2IiwidHlwIjoiSldUIn0.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.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", + "token_endpoint_auth_method": "tls_client_auth", + "token_endpoint_auth_signing_alg" : "PS256", + "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "id_token_signed_response_alg" : "PS256", + "id_token_encrypted_response_alg" : "RSA-OAEP", + "id_token_encrypted_response_enc" : "A128GCM", + "request_object_signing_alg" : "PS256", + "tls_client_auth_subject_dn" : "dfrrfc", + "require_signed_request_object" : true, + "require_pushed_authorization_requests" : true, + "subject_type" : "pairwise", + "request_object_encryption_alg" : "RSA-OAEP", + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens":false +} \ No newline at end of file diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java index 4dfd8d0fb4c..7c4653cad6e 100644 
--- a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java +++ b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java @@ -97,8 +97,10 @@ private static Object[][] dcrConfigProvider() throws Exception { }, { getRegisterRequestJSON("request2.json"), getUpdateRequestJSON("request2.json"), ADMIN_USERNAME, ADMIN_PASSWORD, SUPER_TENANT_DOMAIN - } - }; + }, { + getRegisterRequestJSON("request3.json"), getUpdateRequestJSON("request3.json"), ADMIN_USERNAME, + ADMIN_PASSWORD, SUPER_TENANT_DOMAIN} + }; } @BeforeClass(alwaysRun = true) diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json new file mode 100644 index 00000000000..e690a1ab42a --- /dev/null +++ b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json 
@@ -0,0 +1,27 @@ +{ + "client_name": "dcr-app-3", + "redirect_uris": [ + "https://abc/redirect1", + "https://abc/redirect2" + ], + "grant_types": [ + "client_credentials" + ], + "jwks_uri": "https://localhost/jwks", + + "token_endpoint_auth_method": "private_key_jwt", + "token_endpoint_auth_signing_alg" : "PS256", + "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "id_token_signed_response_alg" : "PS256", + "id_token_encrypted_response_alg" : "RSA-OAEP", + "id_token_encrypted_response_enc" : "A128GCM", + "authorization_signed_response_alg" : "PS256", + "request_object_signing_alg" : "PS256", + "tls_client_auth_subject_dn" : "dfrrfc", + "require_signed_request_object" : true, + "require_pushed_authorization_requests" : true, + "tls_client_certificate_bound_access_tokens" : true, + "subject_type" : "pairwise", + "request_object_encryption_alg" : "RSA-OAEP", + "request_object_encryption_enc" : "A128GCM" +} \ No newline at end of file diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json new file mode 100644 index 00000000000..264c4afb78e --- /dev/null +++ b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json 
@@ -0,0 +1,27 @@ +{ + "client_name": "dcr-app-3", + "redirect_uris": [ + "https://abc/redirect1", + "https://abc/redirect2" + ], + "grant_types": [ + "client_credentials" + ], + "jwks_uri": "https://localhost/jwks", + + "token_endpoint_auth_method": "private_key_jwt", + "token_endpoint_auth_signing_alg" : "PS256", + "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "id_token_signed_response_alg" : "PS256", + "id_token_encrypted_response_alg" : "RSA-OAEP", + "id_token_encrypted_response_enc" : "A128GCM", + "authorization_signed_response_alg" : "ES256", + "request_object_signing_alg" : "PS256", + "tls_client_auth_subject_dn" : "dfrrfc", + "require_signed_request_object" : true, + "require_pushed_authorization_requests" : true, + "tls_client_certificate_bound_access_tokens" : true, + "subject_type" : "public", + "request_object_encryption_alg" : "RSA-OAEP", + "request_object_encryption_enc" : "A128GCM" +} \ No newline at end of file From dffd4976dbfd6dfb401a1fa7b959f4a82e5fed97 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Thu, 19 Oct 2023 08:57:09 +0530 Subject: [PATCH 08/25] add eof lines (cherry picked from commit 644168ea0c2d27826e864c20fc1a3ee6f662545f) --- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 8 +++--- .../IS/oauth/dcr-fapi-validation-enabled.toml | 2 +- .../registration-requests/request1.json | 2 +- .../registration-requests/request2.json | 2 +- .../registration-requests/request3.json | 2 +- .../registration-requests/request4.json | 2 +- .../registration-requests/request5.json | 2 +- .../registration-requests/request6.json | 2 +- .../registration-requests/request7.json | 2 +- .../registration-requests/request8.json | 28 +++++++++++++++++++ 10 files changed, 40 insertions(+), 12 deletions(-) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 50573cbd31a..c9733c32fe8 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -105,11 +105,11 @@ private static Object[][] dcrConfigProvider() throws Exception { { getRegisterRequestJSON("request5.json"), INVALID_CLIENT_METADATA, "Redirect URI missing in sector identifier URI set" - } - /*{ - getRegisterRequestJSON("request3.json"), INVALID_SOFTWARE_STATEMENT, + }, + { + getRegisterRequestJSON("request8.json"), INVALID_SOFTWARE_STATEMENT, "Signature validation failed for the software statement" - }*/ + } }; } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml index ec09ceffd12..05714c5543f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml @@ -31,4 +31,4 @@ password = "wso2carbon" dcr.enable_sector_identifier_validation=true dcr.ssa_jkws="https://localhost:9853/oauth2/jwks" dcr.enable_fapi_enforcement=true -oidc.fapi.enable_validation=true \ No newline at end of file +oidc.fapi.enable_validation=true 
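Review bot: The newly enabled row expects "Signature validation failed for the software statement" for `request8.json`, but that fixture's `software_statement` differs from the one in `request6.json` in its first (header) segment, while the signature segment is identical. A statement whose header no longer decodes, or whose key id no longer resolves, may be rejected before any signature is verified, so the row may not exercise the check it is named for. A fixture that keeps the header intact and alters the payload or signature segment would pin signature verification more directly, and a comment on the row, e.g. `// request8.json: SSA altered so that signature verification must fail`, would record the intent. `dcrConfigProvider` starts outside this hunk.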
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json index 0457ce415a9..faee6bb47a1 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json @@ -24,4 +24,4 @@ "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM" -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json index 75df446fa47..cc7768bd4a4 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json @@ -24,4 +24,4 @@ "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM" -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json index e3dc6119a83..41eddec7421 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json @@ -24,4 +24,4 @@ "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM" -} \ No newline at end of file +} 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json index fad79e1ec0a..4a786004dd1 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json @@ -23,4 +23,4 @@ "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM" -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json index 45fb8942ee1..54e9f15c17b 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json @@ -24,4 +24,4 @@ "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM" -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json index ff285d062c4..ce6671db219 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json 
@@ -24,4 +24,4 @@ "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM", "tls_client_certificate_bound_access_tokens":true -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json index 836990438c6..cea73176f2f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json @@ -24,4 +24,4 @@ "request_object_encryption_alg" : "RSA-OAEP", "request_object_encryption_enc" : "A128GCM", "tls_client_certificate_bound_access_tokens":false -} \ No newline at end of file +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json new file mode 100644 index 00000000000..ec0bacf4d86 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json 
@@ -0,0 +1,28 @@ +{ + "redirect_uris": [ + "https://abc/redirect1" + ], + "client_name": "TestAdditionalProperties", + + "grant_types": [ + "authorization_code", + "implicit" + ], + "jwks_uri": "https://localhost/jwks", + "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjccdU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2NDc0MDU5NDAsImp0aSI6IjM2YjVkZmUwMjA1YzQwNjAiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoib1E0S29hYXZwT3VvRTdydlFzWkVPViIsInNvZnR3YXJlX2NsaWVudF9pZCI6Im9RNEtvYWF2cE91b0U3cnZRc1pFT1YiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUDIgKFNhbmRib3gpIiwic29mdHdhcmVfY2xpZW50X2Rlc2NyaXB0aW9uIjoiV1NPMiBPcGVuIEJhbmtpbmcgVFBQMiBmb3IgdGVzdGluZyIsInNvZnR3YXJlX3ZlcnNpb24iOjEuNSwic29mdHdhcmVfY2xpZW50X3VyaSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vcmVkaXJlY3RzL3JlZGlyZWN0MSJdLCJzb2Z0d2FyZV9yb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl19LHsibWVtYmVyX3N0YXRlIjoiSUUiLCJyb2xlcyI6WyJQSVNQIiwiQ0JQSUkiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiTkwiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbSIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5
c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvb1E0S29hYXZwT3VvRTdydlFzWkVPVi5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkL29RNEtvYWF2cE91b0U3cnZRc1pFT1YuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3d3dy5nb29nbGUuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", + "token_endpoint_auth_method": "private_key_jwt", + "token_endpoint_auth_signing_alg" : "PS256", + "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "id_token_signed_response_alg" : "PS256", + "id_token_encrypted_response_alg" : "RSA-OAEP", + "id_token_encrypted_response_enc" : "A128GCM", + "request_object_signing_alg" : "ES256", + "tls_client_auth_subject_dn" : "dfrrfc", + "require_signed_request_object" : true, + "require_pushed_authorization_requests" : true, + "subject_type" : "pairwise", + "request_object_encryption_alg" : "RSA-OAEP", + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens":true +} + From 1ebcbb01e0059ef42b460c3cbcd87a5195643453 Mon Sep 17 00:00:00 2001 
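Review bot: The `software_statement` in this fixture is a complete JWT whose payload segment decodes to organisation claims that appear to include a named contact's e-mail address and phone number. Committing it places those details in the repository history and in every checkout of the test resources. Regenerating the statement with synthetic claims, for instance `"email": "contact@example.com"` (constructed value), signed with a throwaway test key, would keep the test meaningful without carrying personal data.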
From: sachinisiriwardene Date: Thu, 19 Oct 2023 09:20:58 +0530 Subject: [PATCH 09/25] refactor code (cherry picked from commit a44665879c68600f145200b99678113f4af47b40) --- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 7 +++-- .../scenarios/sso/test/dcr/DCRTestCase.java | 4 +-- .../registration-requests/request3.json | 27 ------------------- .../resources/update-requests/request3.json | 27 ------------------- 4 files changed, 4 insertions(+), 61 deletions(-) delete mode 100644 product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json delete mode 100644 product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index c9733c32fe8..dfb6b46d738 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -480,8 +480,9 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Ex updateResponsePayload.remove("client_secret"); updateResponsePayload.remove("client_secret_expires_at"); assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), - mapper.readTree(updateRequestPayload.toJSONString()), - "Response payload should be equal."); + mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); + + testDeleteServiceProvider(); } @Test(alwaysRun = true, groups = "wso2.is", priority = 11, 
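Review bot: `testDeleteServiceProvider();` is called as the last statement of the update test, after the `assertEquals`, so when that assertion fails the registered client is never deleted and stays behind for the tests that run afterwards (the priority 11 error scenarios register further clients against the same server). Invoking what looks like another test method for cleanup also couples the two tests. Suggest moving the cleanup into a `finally`, `try { assertEquals(...); } finally { testDeleteServiceProvider(); }`, or into an `@AfterClass` method. The test method starts outside this hunk.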
@@ -500,7 +501,5 @@ public void validateErrorScenarios(JSONObject requestJSON, String errorCode, Str JSONObject errorResponse = getPayload(response); assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); - - // resetISConfiguration(); } } diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java index 7c4653cad6e..c33c7a6312e 100644 --- a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java +++ b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java @@ -97,9 +97,7 @@ private static Object[][] dcrConfigProvider() throws Exception { }, { getRegisterRequestJSON("request2.json"), getUpdateRequestJSON("request2.json"), ADMIN_USERNAME, ADMIN_PASSWORD, SUPER_TENANT_DOMAIN - }, { - getRegisterRequestJSON("request3.json"), getUpdateRequestJSON("request3.json"), ADMIN_USERNAME, - ADMIN_PASSWORD, SUPER_TENANT_DOMAIN} + } }; } diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json deleted file mode 100644 index e690a1ab42a..00000000000 --- a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/registration-requests/request3.json +++ /dev/null 
@@ -1,27 +0,0 @@
-{
- "client_name": "dcr-app-3",
- "redirect_uris": [
- "https://abc/redirect1",
- "https://abc/redirect2"
- ],
- "grant_types": [
- "client_credentials"
- ],
- "jwks_uri": "https://localhost/jwks",
-
- "token_endpoint_auth_method": "private_key_jwt",
- "token_endpoint_auth_signing_alg" : "PS256",
- "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
- "id_token_signed_response_alg" : "PS256",
- "id_token_encrypted_response_alg" : "RSA-OAEP",
- "id_token_encrypted_response_enc" : "A128GCM",
- "authorization_signed_response_alg" : "PS256",
- "request_object_signing_alg" : "PS256",
- "tls_client_auth_subject_dn" : "dfrrfc",
- "require_signed_request_object" : true,
- "require_pushed_authorization_requests" : true,
- "tls_client_certificate_bound_access_tokens" : true,
- "subject_type" : "pairwise",
- "request_object_encryption_alg" : "RSA-OAEP",
- "request_object_encryption_enc" : "A128GCM"
-}
\ No newline at end of file
diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json
deleted file mode 100644
index 264c4afb78e..00000000000
--- a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/resources/update-requests/request3.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "client_name": "dcr-app-3",
- "redirect_uris": [
- "https://abc/redirect1",
- "https://abc/redirect2"
- ],
- "grant_types": [
- "client_credentials"
- ],
- "jwks_uri": "https://localhost/jwks",
-
- "token_endpoint_auth_method": "private_key_jwt",
- "token_endpoint_auth_signing_alg" : "PS256",
- "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001",
- "id_token_signed_response_alg" : "PS256",
- "id_token_encrypted_response_alg" : "RSA-OAEP",
- "id_token_encrypted_response_enc" : "A128GCM",
- "authorization_signed_response_alg" : "ES256",
- "request_object_signing_alg" : "PS256",
- "tls_client_auth_subject_dn" : "dfrrfc",
- "require_signed_request_object" : true,
- "require_pushed_authorization_requests" : true,
- "tls_client_certificate_bound_access_tokens" : true,
- "subject_type" : "public",
- "request_object_encryption_alg" : "RSA-OAEP",
- "request_object_encryption_enc" : "A128GCM"
-}
\ No newline at end of file
From 61dfc21d0a5dbeb40be472abb127ad39bc077f0b Mon Sep 17 00:00:00 2001
From: sachinisiriwardene Date: Sat, 21 Oct 2023 20:36:47 +0530 Subject: [PATCH 10/25] add fapi dcr validation tests to a separate class (cherry picked from commit 1cdda47d18ad6c1a03a59c44b735c38946dade4f) --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 141 +++++++++++ .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 228 ++++-------------- .../test/oauth2/dcrm/api/util/DCRUtils.java | 92 +++++++ .../registration-requests/request6.json | 1 - .../registration-requests/request7.json | 1 - .../registration-requests/request8.json | 2 +- .../src/test/resources/testng.xml | 5 + 7 files changed, 285 insertions(+), 185 deletions(-) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java new file mode 100644 index 00000000000..5e93bcaadf3 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java 
@@ -0,0 +1,141 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.identity.integration.test.oauth2.dcrm.api; + +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.HttpClients; +import org.json.simple.JSONObject; +import org.testng.annotations.*; +import org.wso2.carbon.automation.engine.context.AutomationContext; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; +import org.wso2.identity.integration.common.utils.ISIntegrationTest; +import org.wso2.identity.integration.test.oauth2.dcrm.api.util.DCRUtils; +import org.wso2.identity.integration.test.oauth2.dcrm.api.util.OAuthDCRMConstants; +import org.wso2.identity.integration.test.util.Utils; + +import java.io.File; + +import static org.testng.Assert.assertEquals; + +public class FAPIDCRValidationsTestCase extends ISIntegrationTest { + + private HttpClient client; + private String client_id; + private String username; + private String password; + private String tenant; + private ServerConfigurationManager serverConfigurationManager; + + @Factory(dataProvider = "dcrmConfigProvider") + 
public FAPIDCRValidationsTestCase(TestUserMode userMode) throws Exception { + + AutomationContext context = new AutomationContext("IDENTITY", userMode); + this.username = context.getContextTenant().getTenantAdmin().getUserName(); + this.password = context.getContextTenant().getTenantAdmin().getPassword(); + this.tenant = context.getContextTenant().getDomain(); + + } + + @DataProvider(name = "dcrmConfigProvider") + public static Object[][] dcrmConfigProvider() { + return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}}; + } + + @BeforeClass(alwaysRun = true) + public void testInit() throws Exception { + super.init(); + client = HttpClients.createDefault(); + changeISConfiguration(); + } + + @DataProvider(name = "dcrConfigProvider") + private static Object[][] dcrConfigProvider() throws Exception { + + String INVALID_CLIENT_METADATA = "invalid_client_metadata"; + String INVALID_SOFTWARE_STATEMENT = "invalid_software_statement"; + return new Object[][]{ + { + DCRUtils.getRegisterRequestJSON("request1.json"), INVALID_CLIENT_METADATA, + "Invalid token endpoint authentication method requested." 
+ }, + { + DCRUtils.getRegisterRequestJSON("request2.json"), INVALID_CLIENT_METADATA, + "Invalid signature algorithm requested" + }, + { + DCRUtils.getRegisterRequestJSON("request3.json"), INVALID_CLIENT_METADATA, + "Invalid encryption algorithm requested" + }, + { + DCRUtils.getRegisterRequestJSON("request4.json"), INVALID_CLIENT_METADATA, + "Sector identifier URI is needed for PPID calculation" + }, + { + DCRUtils.getRegisterRequestJSON("request5.json"), INVALID_CLIENT_METADATA, + "Redirect URI missing in sector identifier URI set" + }, + { + DCRUtils.getRegisterRequestJSON("request8.json"), INVALID_SOFTWARE_STATEMENT, + "Signature validation failed for the software statement" + } + }; + } + + private void changeISConfiguration() throws Exception { + + log.info("Adding entity id of SSOService to deployment.toml file"); + String carbonHome = Utils.getResidentCarbonHome(); + File defaultConfigFile = getDeploymentTomlFile(carbonHome); + File configuredIdentityXML = new File(getISResourceLocation() + File.separator + "oauth" + + File.separator + "dcr-fapi-validation-enabled.toml"); + serverConfigurationManager = new ServerConfigurationManager(isServer); + serverConfigurationManager.applyConfigurationWithoutRestart(configuredIdentityXML, + defaultConfigFile, true); + serverConfigurationManager.restartGracefully(); + } + + @Test(alwaysRun = true, groups = "wso2.is", priority = 11, + description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") + public void validateErrorScenarios(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { + + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + StringEntity entity = new StringEntity(requestJSON.toJSONString()); + request.setEntity(entity); + HttpResponse response = 
client.execute(request); + + assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + + "has not been created successfully"); + JSONObject errorResponse = DCRUtils.getPayload(response); + assertEquals(errorResponse.get("error"), errorCode); + assertEquals(errorResponse.get("error_description"), errorMessage); + } + + @AfterClass(alwaysRun = true) + public void cleanup() throws Exception { + + serverConfigurationManager.restoreToLastConfiguration(); + } + +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index dfb6b46d738..0588ff8212f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -18,7 +18,6 @@ package org.wso2.identity.integration.test.oauth2.dcrm.api; import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.commons.codec.binary.Base64; import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; 
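Review bot: `cleanup()` dereferences `serverConfigurationManager` unconditionally, but the field is only assigned part-way through `changeISConfiguration()`; because the method is `@AfterClass(alwaysRun = true)`, a failure in `super.init()` or anywhere before that assignment becomes a NullPointerException here that hides the original error. Guard it with `if (serverConfigurationManager != null) { serverConfigurationManager.restoreToLastConfiguration(); }` so that a server switched to dcr-fapi-validation-enabled.toml is still restored whenever the switch actually happened. Two smaller points in the same file: the 400 assertion in `validateErrorScenarios` carries the message "Service Provider has not been created successfully", which reads backwards for a test that expects rejection, and `import org.testng.annotations.*;` is a wildcard import that this same commit replaces with explicit imports in OAuthDCRMTestCase.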
@@ -32,23 +31,22 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; import org.json.simple.JSONValue; -import org.json.simple.parser.JSONParser; -import org.testng.annotations.*; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; import org.wso2.carbon.automation.engine.context.AutomationContext; import org.wso2.carbon.automation.engine.context.TestUserMode; -import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; import org.wso2.identity.integration.common.utils.ISIntegrationTest; +import org.wso2.identity.integration.test.oauth2.dcrm.api.util.DCRUtils; import org.wso2.identity.integration.test.oauth2.dcrm.api.util.OAuthDCRMConstants; -import org.wso2.identity.integration.test.util.Utils; -import java.io.*; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; -import static org.testng.Assert.assertTrue; /** * OAuth2 DCRM API Create process test case @@ -61,9 +59,6 @@ public class OAuthDCRMTestCase extends ISIntegrationTest { private String username; private String password; private String tenant; - private static JSONParser parser = new JSONParser(); - private static final String REGISTER_REQUESTS_LOCATION = "registration.requests.location"; - private ServerConfigurationManager serverConfigurationManager; @Factory(dataProvider = "dcrmConfigProvider") public OAuthDCRMTestCase(TestUserMode userMode) throws Exception { 
@@ -79,103 +74,15 @@ public OAuthDCRMTestCase(TestUserMode userMode) throws Exception { public static Object[][] dcrmConfigProvider() { return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}}; } - - @DataProvider(name = "dcrConfigProvider") - private static Object[][] dcrConfigProvider() throws Exception { - - String INVALID_CLIENT_METADATA = "invalid_client_metadata"; - String INVALID_SOFTWARE_STATEMENT = "invalid_software_statement"; - return new Object[][]{ - { - getRegisterRequestJSON("request1.json"), INVALID_CLIENT_METADATA, - "Invalid token endpoint authentication method requested." - }, - { - getRegisterRequestJSON("request2.json"), INVALID_CLIENT_METADATA, - "Invalid signature algorithm requested" - }, - { - getRegisterRequestJSON("request3.json"), INVALID_CLIENT_METADATA, - "Invalid encryption algorithm requested" - }, - { - getRegisterRequestJSON("request4.json"), INVALID_CLIENT_METADATA, - "Sector identifier URI is needed for PPID calculation" - }, - { - getRegisterRequestJSON("request5.json"), INVALID_CLIENT_METADATA, - "Redirect URI missing in sector identifier URI set" - }, - { - getRegisterRequestJSON("request8.json"), INVALID_SOFTWARE_STATEMENT, - "Signature validation failed for the software statement" - } - }; - } - @BeforeClass(alwaysRun = true) public void testInit() throws Exception { super.init(); client = HttpClients.createDefault(); - changeISConfiguration(); - } - - @AfterClass(alwaysRun = true) - public void restoreConfiguration() throws Exception { - resetISConfiguration(); - } - - private void changeISConfiguration() throws Exception { - - log.info("Adding entity id of SSOService to deployment.toml file"); - String carbonHome = Utils.getResidentCarbonHome(); - File defaultConfigFile = getDeploymentTomlFile(carbonHome); - File configuredIdentityXML = new File(getISResourceLocation() + File.separator + "oauth" - + File.separator + "dcr-fapi-validation-enabled.toml"); - serverConfigurationManager = new 
ServerConfigurationManager(isServer); - serverConfigurationManager.applyConfigurationWithoutRestart(configuredIdentityXML, defaultConfigFile, true); - serverConfigurationManager.restartGracefully(); - } - - private void resetISConfiguration() throws Exception { - - log.info("Replacing identity.xml with default configurations"); - serverConfigurationManager.restoreToLastConfiguration(false); } - - /** - * Get register request JSON object. - * - * @param fileName File name. - * @return Register request JSON object. - * @throws Exception Exception. - */ - private static JSONObject getRegisterRequestJSON(String fileName) throws Exception { - - return (JSONObject) parser.parse(new FileReader(getFilePath(REGISTER_REQUESTS_LOCATION, fileName))); - } - - /** - * Get file path. - * - * @param folderPath Folder path. - * @param fileName File name. - * @return File path. - * @throws Exception Exception. - */ - private static String getFilePath(String folderPath, String fileName) throws Exception { - - Path path = Paths.get(System.getProperty(folderPath) + fileName); - if (!Files.exists(path)) { - throw new FileNotFoundException("Failed to find file: " + path.toString()); - } - return path.toString(); - } - @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Create a service provider successfully") public void testCreateServiceProviderRequest() throws IOException { - HttpPost request = new HttpPost(getPath()); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); JSONArray grantTypes = new JSONArray(); 
@@ -211,8 +118,8 @@ public void testCreateServiceProviderRequest() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 2, description = "Create a service provider with already registered client name") public void testCreateServiceProviderRequestWithExistingClientName() throws IOException { - HttpPost request = new HttpPost(getPath()); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); JSONArray grantTypes = new JSONArray(); @@ -247,8 +154,8 @@ public void testCreateServiceProviderRequestWithExistingClientName() throws IOEx @Test(alwaysRun = true, groups = "wso2.is", priority = 3, description = "Read service provider") public void testReadServiceProvider() throws IOException { - HttpGet request = new HttpGet(getPath() + client_id); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpGet request = new HttpGet(DCRUtils.getPath(tenant) + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); HttpResponse response = client.execute(request); 
@@ -265,8 +172,8 @@ public void testReadServiceProvider() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 4, description = "Read request with an invalid client ID") public void testReadServiceProviderWithInvalidClientID() throws IOException { - HttpGet request = new HttpGet(getPath() + OAuthDCRMConstants.INVALID_CLIENT_ID); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpGet request = new HttpGet(DCRUtils.getPath(tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); HttpResponse response = client.execute(request); @@ -278,8 +185,8 @@ public void testReadServiceProviderWithInvalidClientID() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 5, description = "Delete Service Provider") public void testDeleteServiceProvider() throws IOException { - HttpDelete request = new HttpDelete(getPath() + client_id); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpDelete request = new HttpDelete(DCRUtils.getPath(tenant) + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 204, "Service provider has not " + @@ -287,8 +194,8 @@ public void testDeleteServiceProvider() throws IOException { EntityUtils.consume(response.getEntity()); - HttpGet getRequest = new HttpGet(getPath() + client_id); - getRequest.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); response = client.execute(request); 
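Review bot: In `testDeleteServiceProvider` the follow-up check builds `getRequest` with its headers, but the last context line of the `@@ -287,8 +194,8 @@` hunk still runs `response = client.execute(request);`, which re-sends the DELETE rather than the GET. The test therefore never confirms that a deleted client can no longer be read back; since this commit already touches the two `getRequest` lines, the call should become `response = client.execute(getRequest);`. The assertion on that response lies outside the hunk, so its expected status may need adjusting once the GET is actually sent.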
@@ -302,8 +209,8 @@ public void testDeleteServiceProvider() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 6, description = "Delete service provider request with " + "invalid client id") public void testDeleteRequestWithInvalidClientID() throws IOException { - HttpDelete request = new HttpDelete(getPath() + OAuthDCRMConstants.INVALID_CLIENT_ID); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpDelete request = new HttpDelete(DCRUtils.getPath(tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 401, "Service Provider delete request " + @@ -315,8 +222,8 @@ public void testDeleteRequestWithInvalidClientID() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", description = "Try to register an OAuth app with authorization_code " + "grant without any redirect uris.", priority = 7) public void testRegisterAppWithAuthzCodeGrantAndNoRedirectUris() throws IOException { - HttpPost request = new HttpPost(getPath()); - setRequestHeaders(request); + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + DCRUtils.setRequestHeaders(request, username, password); JSONArray grantTypes = new JSONArray(); grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); 
@@ -348,8 +255,8 @@ public void testRollbackOnInvalidRequest() throws IOException { requestBody.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); //////////////////////// BAD REQUEST WITH EMPTY REDIRECT URI /////////////////////////// - HttpPost badRequestWithoutRedirectUris = new HttpPost(getPath()); - setRequestHeaders(badRequestWithoutRedirectUris); + HttpPost badRequestWithoutRedirectUris = new HttpPost(DCRUtils.getPath(tenant)); + DCRUtils.setRequestHeaders(badRequestWithoutRedirectUris, username, password); // We keep the redirect uris empty to make this a bad request. JSONObject badRequestBody = (JSONObject) requestBody.clone(); badRequestBody.put(OAuthDCRMConstants.REDIRECT_URIS, new JSONArray()); @@ -362,8 +269,8 @@ public void testRollbackOnInvalidRequest() throws IOException { EntityUtils.consume(failedResponse.getEntity()); ///////////////// VALID REQUEST WITH THE SAME CLIENT_NAME /////////////////////////// - HttpPost validRequest = new HttpPost(getPath()); - setRequestHeaders(validRequest); + HttpPost validRequest = new HttpPost(DCRUtils.getPath(tenant)); + DCRUtils.setRequestHeaders(validRequest, username, password); JSONArray redirectURIs = new JSONArray(); redirectURIs.add(OAuthDCRMConstants.REDIRECT_URI); 
@@ -373,8 +280,9 @@ public void testRollbackOnInvalidRequest() throws IOException { validRequest.setEntity(new StringEntity(validJSONBody.toJSONString())); HttpResponse successResponse = client.execute(validRequest); - assertEquals(successResponse.getStatusLine().getStatusCode(), 201, "Service Provider should have been created " + - "with the same client name: " + DUMMY_DCR_APP + " attempted in the previous failed request."); + assertEquals(successResponse.getStatusLine().getStatusCode(), 201, + "Service Provider should have been created with the same client name: " + DUMMY_DCR_APP + + " attempted in the previous failed request."); BufferedReader rd = new BufferedReader(new InputStreamReader(successResponse.getEntity().getContent())); Object responseObj = JSONValue.parse(rd); 
@@ -385,41 +293,14 @@ public void testRollbackOnInvalidRequest() throws IOException { // Deleting created application. testDeleteServiceProvider(); } - - private void setRequestHeaders(HttpPost request) { - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); - request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - } - - private String getPath() { - if (tenant.equals("carbon.super")) { - return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + OAuthDCRMConstants.DCR_ENDPOINT_PATH_PART; - } else { - return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + "/t/" + tenant + OAuthDCRMConstants - .DCR_ENDPOINT_PATH_PART; - } - } - - private String getAuthzHeader() { - return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); - } - - private JSONObject getPayload(HttpResponse response) throws IOException { - - BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); - Object responseObj = JSONValue.parse(rd); - EntityUtils.consume(response.getEntity()); - return (JSONObject) responseObj; - } - - @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + + @Test(alwaysRun = true, groups = "wso2.is", priority = 9, description = "Create a service provider with " + "additional OIDC properties") public void testCreateServiceProviderRequestWithAdditionalParameters() throws Exception { - HttpPost request = new HttpPost(getPath()); - JSONObject registerRequestJSON = getRegisterRequestJSON("request6.json"); + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); StringEntity entity = new 
StringEntity(registerRequestJSON.toJSONString()); request.setEntity(entity); 
@@ -428,31 +309,31 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + "has not been created successfully"); - JSONObject createResponsePayload = getPayload(response); + JSONObject createResponsePayload = DCRUtils.getPayload(response); client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); createResponsePayload.remove("client_id"); createResponsePayload.remove("client_secret"); createResponsePayload.remove("client_secret_expires_at"); + createResponsePayload.remove("software_statement"); assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree( registerRequestJSON.toJSONString()), "Response payload should be equal."); - HttpGet getRequest = new HttpGet(getPath() + client_id); - getRequest.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); HttpResponse getResponse = client.execute(getRequest); assertEquals(getResponse.getStatusLine().getStatusCode(), 200, "Service provider request " + "has not returned with successful response"); - JSONObject getResponsePayload = getPayload(getResponse); + JSONObject getResponsePayload = DCRUtils.getPayload(getResponse); getResponsePayload.remove("client_id"); getResponsePayload.remove("client_secret"); getResponsePayload.remove("client_secret_expires_at"); - - registerRequestJSON.remove("software_statement"); getResponsePayload.remove("software_statement"); + assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree( registerRequestJSON.toJSONString()), "Response payload should be equal."); } 
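Review bot: The added `createResponsePayload.remove("software_statement");`, together with the existing call on `getResponsePayload`, drops the field before the equality check, so this test passes whatever the server returns for `software_statement`. request6.json changes in the same commit but its hunk is not visible here, so the expected value cannot be confirmed from this page; whichever it is, pin it with an explicit assertion on `createResponsePayload.get("software_statement")` before the `remove`, or add a comment such as `// software_statement is excluded from the round-trip comparison: <reason>`. The test method starts outside this hunk.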
@@ -461,10 +342,10 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex "additional OIDC properties") public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Exception { - HttpPut request = new HttpPut(getPath() + client_id); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); + HttpPut request = new HttpPut(DCRUtils.getPath(tenant) + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - JSONObject updateRequestPayload = getRegisterRequestJSON("request7.json"); + JSONObject updateRequestPayload = DCRUtils.getRegisterRequestJSON("request7.json"); StringEntity entity = new StringEntity(updateRequestPayload.toJSONString()); request.setEntity(entity); 
@@ -473,33 +354,16 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Ex HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 200, "Service Provider " + "has not been created successfully"); - JSONObject updateResponsePayload = getPayload(response); + JSONObject updateResponsePayload = DCRUtils.getPayload(response); client_id = ((JSONObject) updateResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); updateResponsePayload.remove("client_id"); updateResponsePayload.remove("client_secret"); updateResponsePayload.remove("client_secret_expires_at"); + updateResponsePayload.remove("software_statement"); assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); testDeleteServiceProvider(); } - - @Test(alwaysRun = true, groups = "wso2.is", priority = 11, - description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") - public void validateErrorScenarios(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { - - HttpPost request = new HttpPost(getPath()); - request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader()); - request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - StringEntity entity = new StringEntity(requestJSON.toJSONString()); - request.setEntity(entity); - HttpResponse response = client.execute(request); - - assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + - "has not been created successfully"); - JSONObject errorResponse = getPayload(response); - assertEquals(errorResponse.get("error"), errorCode); - assertEquals(errorResponse.get("error_description"), errorMessage); - } } 
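Review bot: `client_id = ((JSONObject) updateResponsePayload).get("client_id").toString();` calls `toString()` before `assertNotNull(client_id, ...)` runs, so a response without `client_id` fails with a NullPointerException and the assertion can never fire. Assert on the raw value first: `Object id = updateResponsePayload.get("client_id"); assertNotNull(id, "client_id cannot be null"); client_id = id.toString();`. The same pattern appears on `createResponsePayload` in the `@@ -428,31 +309,31 @@` hunk, and the 200 check here still says "has not been created successfully" for an update. The method starts outside this hunk.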
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java new file mode 100644 index 00000000000..4a14359c033 --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java 
@@ -0,0 +1,92 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.wso2.identity.integration.test.oauth2.dcrm.api.util; + +import org.apache.commons.codec.binary.Base64; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.util.EntityUtils; +import org.json.simple.JSONObject; +import org.json.simple.JSONValue; +import org.json.simple.parser.JSONParser; + +import java.io.*; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; + +public class DCRUtils { + + private static JSONParser parser = new JSONParser(); + private static final String REGISTER_REQUESTS_LOCATION = "registration.requests.location"; + + /** + * Get register request JSON object. + * + * @param fileName File name. + * @return Register request JSON object. + * @throws Exception Exception. + */ + public static JSONObject getRegisterRequestJSON(String fileName) throws Exception { + + return (JSONObject) parser.parse(new FileReader(getFilePath(REGISTER_REQUESTS_LOCATION, fileName))); + } + + /** + * Get file path. + * + * @param folderPath Folder path. + * @param fileName File name. + * @return File path. + * @throws Exception Exception. 
+ */ + public static String getFilePath(String folderPath, String fileName) throws Exception { + + Path path = Paths.get(System.getProperty(folderPath) + fileName); + if (!Files.exists(path)) { + throw new FileNotFoundException("Failed to find file: " + path.toString()); + } + return path.toString(); + } + + public static void setRequestHeaders(HttpPost request, String username, String password) { + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader(username, password)); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + } + + public static String getPath(String tenant) { + if (tenant.equals("carbon.super")) { + return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + OAuthDCRMConstants.DCR_ENDPOINT_PATH_PART; + } else { + return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + "/t/" + tenant + OAuthDCRMConstants + .DCR_ENDPOINT_PATH_PART; + } + } + public static String getAuthzHeader(String username, String password) { + return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); + } + + public static JSONObject getPayload(HttpResponse response) throws IOException { + + BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); + Object responseObj = JSONValue.parse(rd); + EntityUtils.consume(response.getEntity()); + return (JSONObject) responseObj; + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json index ce6671db219..4315214b7b2 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json 
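Review bot: `getRegisterRequestJSON` in the new DCRUtils.java opens a `FileReader` that is never closed and decodes the fixture with the platform default charset. Reading it as `try (Reader r = Files.newBufferedReader(Paths.get(getFilePath(REGISTER_REQUESTS_LOCATION, fileName)), StandardCharsets.UTF_8)) { return (JSONObject) parser.parse(r); }` releases the handle and pins the encoding. The same default-charset dependence is in `getAuthzHeader` (`getBytes()`) and `getPayload` (`new InputStreamReader(...)`); `getBytes(StandardCharsets.UTF_8)` keeps the Basic credential bytes the same on every build host. `getFilePath` concatenates `System.getProperty(folderPath) + fileName`, so an unset property produces a path that starts with `null` and a confusing "Failed to find file" message; a null check on the property with its own message would make that case readable. `setRequestHeaders`, `getPath`, `getAuthzHeader` and `getPayload` are public but carry no Javadoc, unlike the two methods above them.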
@@ -9,7 +9,6 @@ "implicit" ], "jwks_uri": "https://localhost/jwks", - "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjU2IiwidHlwIjoiSldUIn0.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.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", "token_endpoint_auth_method": "private_key_jwt", "token_endpoint_auth_signing_alg" : "PS256", "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json index cea73176f2f..c87580340af 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json 
@@ -9,7 +9,6 @@ "implicit" ], "jwks_uri": "https://localhost/jwks", - "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJPcGVuQmFua2luZyBMdGQiLCJpYXQiOjE2NDc0MDU5NDAsImp0aSI6IjM2YjVkZmUwMjA1YzQwNjAiLCJzb2Z0d2FyZV9lbnZpcm9ubWVudCI6InNhbmRib3giLCJzb2Z0d2FyZV9tb2RlIjoiVGVzdCIsInNvZnR3YXJlX2lkIjoib1E0S29hYXZwT3VvRTdydlFzWkVPViIsInNvZnR3YXJlX2NsaWVudF9pZCI6Im9RNEtvYWF2cE91b0U3cnZRc1pFT1YiLCJzb2Z0d2FyZV9jbGllbnRfbmFtZSI6IldTTzIgT3BlbiBCYW5raW5nIFRQUDIgKFNhbmRib3gpIiwic29mdHdhcmVfY2xpZW50X2Rlc2NyaXB0aW9uIjoiV1NPMiBPcGVuIEJhbmtpbmcgVFBQMiBmb3IgdGVzdGluZyIsInNvZnR3YXJlX3ZlcnNpb24iOjEuNSwic29mdHdhcmVfY2xpZW50X3VyaSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJzb2Z0d2FyZV9yZWRpcmVjdF91cmlzIjpbImh0dHBzOi8vd3d3Lmdvb2dsZS5jb20vcmVkaXJlY3RzL3JlZGlyZWN0MSJdLCJzb2Z0d2FyZV9yb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl0sIm9yZ2FuaXNhdGlvbl9jb21wZXRlbnRfYXV0aG9yaXR5X2NsYWltcyI6eyJhdXRob3JpdHlfaWQiOiJPQkdCUiIsInJlZ2lzdHJhdGlvbl9pZCI6IlVua25vd24wMDE1ODAwMDAxSFFRclpBQVgiLCJzdGF0dXMiOiJBY3RpdmUiLCJhdXRob3Jpc2F0aW9ucyI6W3sibWVtYmVyX3N0YXRlIjoiR0IiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl19LHsibWVtYmVyX3N0YXRlIjoiSUUiLCJyb2xlcyI6WyJQSVNQIiwiQ0JQSUkiLCJBSVNQIl19LHsibWVtYmVyX3N0YXRlIjoiTkwiLCJyb2xlcyI6WyJQSVNQIiwiQUlTUCIsIkNCUElJIl19XX0sInNvZnR3YXJlX2xvZ29fdXJpIjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbSIsIm9yZ19zdGF0dXMiOiJBY3RpdmUiLCJvcmdfaWQiOiIwMDE1ODAwMDAxSFFRclpBQVgiLCJvcmdfbmFtZSI6IldTTzIgKFVLKSBMSU1JVEVEIiwib3JnX2NvbnRhY3RzIjpbeyJuYW1lIjoiVGVjaG5pY2FsIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IlRlY2huaWNhbCJ9LHsibmFtZSI6IkJ1c2luZXNzIiwiZW1haWwiOiJzYWNoaW5pc0B3c28yLmNvbSIsInBob25lIjoiKzk0Nzc0Mjc0Mzc0IiwidHlwZSI6IkJ1c2luZXNzIn1dLCJvcmdfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvMDAxNTgwMDAwMUhRUXJaQUFYLmp3a3MiLCJvcmdfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9
yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkLzAwMTU4MDAwMDFIUVFyWkFBWC5qd2tzIiwic29mdHdhcmVfandrc19lbmRwb2ludCI6Imh0dHBzOi8va2V5c3RvcmUub3BlbmJhbmtpbmd0ZXN0Lm9yZy51ay8wMDE1ODAwMDAxSFFRclpBQVgvb1E0S29hYXZwT3VvRTdydlFzWkVPVi5qd2tzIiwic29mdHdhcmVfandrc19yZXZva2VkX2VuZHBvaW50IjoiaHR0cHM6Ly9rZXlzdG9yZS5vcGVuYmFua2luZ3Rlc3Qub3JnLnVrLzAwMTU4MDAwMDFIUVFyWkFBWC9yZXZva2VkL29RNEtvYWF2cE91b0U3cnZRc1pFT1YuandrcyIsInNvZnR3YXJlX3BvbGljeV91cmkiOiJodHRwczovL3d3dy5nb29nbGUuY29tIiwic29mdHdhcmVfdG9zX3VyaSI6Imh0dHBzOi8vd3d3Lmdvb2dsZS5jb20iLCJzb2Z0d2FyZV9vbl9iZWhhbGZfb2Zfb3JnIjoiV1NPMiBPcGVuIEJhbmtpbmcifQ.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", "token_endpoint_auth_method": "tls_client_auth", "token_endpoint_auth_signing_alg" : "PS256", "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json index ec0bacf4d86..a587fa05128 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json @@ -2,7 +2,7 @@ "redirect_uris": [ "https://abc/redirect1" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestInvalidSSA", "grant_types": [ "authorization_code", 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index 303b8367c65..b5a88adf852 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml @@ -367,4 +367,9 @@ + + + + + From cc18af58eabe04d54ae91c5788ae3b16987a64bf Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 23 Oct 2023 22:12:04 +0530 Subject: [PATCH 11/25] add config changes (cherry picked from commit 1da018c9743d00f28789995fb722e01cb8504011) --- .../artifacts/IS/oauth/dcr-fapi-validation-enabled.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml index 05714c5543f..adb7419a127 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml @@ -32,3 +32,5 @@ dcr.enable_sector_identifier_validation=true dcr.ssa_jkws="https://localhost:9853/oauth2/jwks" dcr.enable_fapi_enforcement=true oidc.fapi.enable_validation=true +oidc.fapi.allowed_client_authentication_methods = ["private_key_jwt", "tls_client_auth"] +oidc.fapi.allowed_signature_algorithms = ["PS256", "ES256"] \ No newline at end of file From 4b544401f2461d45df984332a00211a5f13c16f1 Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Tue, 31 Oct 2023 15:06:53 +0530 Subject: [PATCH 12/25] address pr comments (cherry picked from commit 9907c3c7743adf752be8be846082b37ff4935bb1) --- .../oauth2/dcrm/api/FAPIDCRValidationsTestCase.java | 12 ++++++++++-- .../test/oauth2/dcrm/api/util/DCRUtils.java | 12 +++++++++++- .../oauth2/dcrm/api/util/OAuthDCRMConstants.java | 4 ---- .../IS/oauth/dcr-fapi-validation-enabled.toml | 2 +- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 5e93bcaadf3..4ac0ab78257 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -24,7 +24,11 @@ import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.HttpClients; import org.json.simple.JSONObject; -import org.testng.annotations.*; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; import org.wso2.carbon.automation.engine.context.AutomationContext; import org.wso2.carbon.automation.engine.context.TestUserMode; import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager; 
@@ -37,10 +41,12 @@ import static org.testng.Assert.assertEquals; +/** + * FAPI validation test case for the DCR flow + */ public class FAPIDCRValidationsTestCase extends ISIntegrationTest { private HttpClient client; - private String client_id; private String username; private String password; private String tenant; @@ -58,11 +64,13 @@ public FAPIDCRValidationsTestCase(TestUserMode userMode) throws Exception { @DataProvider(name = "dcrmConfigProvider") public static Object[][] dcrmConfigProvider() { + return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}}; } @BeforeClass(alwaysRun = true) public void testInit() throws Exception { + super.init(); client = HttpClients.createDefault(); changeISConfiguration(); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java index 4a14359c033..8e6252ee634 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java @@ -26,11 +26,18 @@ import org.json.simple.JSONValue; import org.json.simple.parser.JSONParser; -import java.io.*; +import java.io.BufferedReader; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.InputStreamReader; +import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +/** + * Utils for preparing DCR payloads + */ public class DCRUtils { private static JSONParser parser = new JSONParser(); 
@@ -66,11 +73,13 @@ public static String getFilePath(String folderPath, String fileName) throws Exce } public static void setRequestHeaders(HttpPost request, String username, String password) { + request.addHeader(HttpHeaders.AUTHORIZATION, getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); } public static String getPath(String tenant) { + if (tenant.equals("carbon.super")) { return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + OAuthDCRMConstants.DCR_ENDPOINT_PATH_PART; } else { @@ -79,6 +88,7 @@ public static String getPath(String tenant) { } } public static String getAuthzHeader(String username, String password) { + return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); } diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java index e603e887cde..f690e4e1bf5 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java @@ -61,8 +61,4 @@ public class OAuthDCRMConstants { public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "request_object_encryption_alg"; public static final String REQUEST_OBJECT_ENCRYPTION_METHOD = "request_object_encryption_enc"; public static final String JWKS_URI = "jwks_uri"; - - - - } 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml index adb7419a127..953307391fb 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/IS/oauth/dcr-fapi-validation-enabled.toml @@ -33,4 +33,4 @@ dcr.ssa_jkws="https://localhost:9853/oauth2/jwks" dcr.enable_fapi_enforcement=true oidc.fapi.enable_validation=true oidc.fapi.allowed_client_authentication_methods = ["private_key_jwt", "tls_client_auth"] -oidc.fapi.allowed_signature_algorithms = ["PS256", "ES256"] \ No newline at end of file +oidc.fapi.allowed_signature_algorithms = ["PS256", "ES256"] From 9e06af6d660c116544e35fb312c427a2f9a3a687 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Tue, 31 Oct 2023 23:20:36 +0530 Subject: [PATCH 13/25] update dcr tests (cherry picked from commit cffe18a366c087d5f02da8f7362f718e85c34850) --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 19 +++++++++++++++++++ .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 11 +++++++++++ 2 files changed, 30 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 4ac0ab78257..1159559d14c 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java 
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -21,6 +21,7 @@ import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpPut; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.HttpClients; import org.json.simple.JSONObject; @@ -139,6 +140,24 @@ public void validateErrorScenarios(JSONObject requestJSON, String errorCode, Str assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); } + @Test(alwaysRun = true, groups = "wso2.is", priority = 11, + description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") + public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String errorCode, String errorMessage) + throws Exception { + + HttpPut request = new HttpPut(DCRUtils.getPath(tenant)); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + StringEntity entity = new StringEntity(requestJSON.toJSONString()); + request.setEntity(entity); + HttpResponse response = client.execute(request); + + assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + + "has not been created successfully"); + JSONObject errorResponse = DCRUtils.getPayload(response); + assertEquals(errorResponse.get("error"), errorCode); + assertEquals(errorResponse.get("error_description"), errorMessage); + } @AfterClass(alwaysRun = true) public void cleanup() throws Exception { 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 0588ff8212f..72227b6215a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -364,6 +364,17 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Ex assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); + // Verify that updated attribute is correctly returned by retrieving data. + HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + + HttpResponse getResponse = client.execute(getRequest); + assertEquals(getResponse.getStatusLine().getStatusCode(), 200, "Service provider request " + + "has not returned with successful response"); + JSONObject getResponsePayload = DCRUtils.getPayload(getResponse); + assertEquals(getResponsePayload.get("token_endpoint_auth_method"), "tls_client_auth"); + testDeleteServiceProvider(); } } From cfcb0d5f2b2ff56ad32e46aabff9fccf0ceeec1f Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 1 Nov 2023 13:44:55 +0530 Subject: [PATCH 14/25] update dcr tests (cherry picked from commit f4e163c9ef53c286535233a1f3168002b7120cd1) --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 1159559d14c..24fe5906862 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -17,6 +17,7 @@ */ package org.wso2.identity.integration.test.oauth2.dcrm.api; +import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; @@ -41,6 +42,7 @@ import java.io.File; import static org.testng.Assert.assertEquals; +import static org.testng.Assert.assertNotNull; /** * FAPI validation test case for the DCR flow @@ -48,6 +50,8 @@ public class FAPIDCRValidationsTestCase extends ISIntegrationTest { private HttpClient client; + private String client_id; + private String username; private String password; private String tenant; 
@@ -145,12 +149,30 @@ public void validateErrorScenarios(JSONObject requestJSON, String errorCode, Str public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { - HttpPut request = new HttpPut(DCRUtils.getPath(tenant)); + // Create application. + HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); - StringEntity entity = new StringEntity(requestJSON.toJSONString()); + StringEntity entity = new StringEntity(registerRequestJSON.toJSONString()); request.setEntity(entity); + ObjectMapper mapper = new ObjectMapper(); + HttpResponse response = client.execute(request); + assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + + "has not been created successfully"); + JSONObject createResponsePayload = DCRUtils.getPayload(response); + client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); + assertNotNull(client_id, "client_id cannot be null"); + + // Check error scenarios for update request. + HttpPut updateRequest = new HttpPut(DCRUtils.getPath(tenant) + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + entity = new StringEntity(requestJSON.toJSONString()); + request.setEntity(entity); + response = client.execute(updateRequest); assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + "has not been created successfully"); 
@@ -158,11 +180,4 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); } - - @AfterClass(alwaysRun = true) - public void cleanup() throws Exception { - - serverConfigurationManager.restoreToLastConfiguration(); - } - } From 9eb55f30e849ac592403ebf0ef5222927c8327b7 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Thu, 2 Nov 2023 09:12:08 +0530 Subject: [PATCH 15/25] address pr comments (cherry picked from commit 569b39904e77171cd0eb5095dc135d9551243b38) --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 24fe5906862..68438c5a315 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -21,12 +21,12 @@ import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; +import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPut; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.HttpClients; import org.json.simple.JSONObject; -import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; import org.testng.annotations.Factory; 
@@ -51,7 +51,6 @@ public class FAPIDCRValidationsTestCase extends ISIntegrationTest { private HttpClient client; private String client_id; - private String username; private String password; private String tenant; @@ -127,7 +126,7 @@ private void changeISConfiguration() throws Exception { serverConfigurationManager.restartGracefully(); } - @Test(alwaysRun = true, groups = "wso2.is", priority = 11, + @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") public void validateErrorScenarios(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { @@ -139,12 +138,13 @@ public void validateErrorScenarios(JSONObject requestJSON, String errorCode, Str HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + - "has not been created successfully"); + "should not be created successfully"); JSONObject errorResponse = DCRUtils.getPayload(response); assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); } - @Test(alwaysRun = true, groups = "wso2.is", priority = 11, + + @Test(alwaysRun = true, groups = "wso2.is", priority = 2, description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { 
@@ -157,11 +157,10 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); StringEntity entity = new StringEntity(registerRequestJSON.toJSONString()); request.setEntity(entity); - ObjectMapper mapper = new ObjectMapper(); HttpResponse response = client.execute(request); assertEquals(response.getStatusLine().getStatusCode(), 201, "Service Provider " + - "has not been created successfully"); + "created successfully"); JSONObject createResponsePayload = DCRUtils.getPayload(response); client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); @@ -174,10 +173,18 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er request.setEntity(entity); response = client.execute(updateRequest); - assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider " + - "has not been created successfully"); + assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider should " + + "not be created successfully"); JSONObject errorResponse = DCRUtils.getPayload(response); assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); + + // Delete application. + HttpDelete deleteRequest = new HttpDelete(DCRUtils.getPath(tenant) + client_id); + request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + + HttpResponse deleteResponse = client.execute(deleteRequest); + assertEquals(deleteResponse.getStatusLine().getStatusCode(), 204, "Service provider " + + "deleted successfully"); } } From 6bc1d76730bbbb1d5efa24fa7b9b90045c6891e9 Mon Sep 17 00:00:00 2001 
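Review bot: The message on the 201 assertion now reads "Service Provider created successfully", but TestNG prints that string only when the assertion fails, so a failed registration would be reported with a success message. Word it as the failure, for example `"Service Provider creation failed"`, which matches what the next patch in this series does for the delete assertion. In the context lines, `assertNotNull(client_id, ...)` cannot fire, because `.get("client_id").toString()` throws first when the field is missing; asserting on the value before calling `toString()` would give the intended message. The enclosing method starts and ends outside the hunk.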
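Review bot: The Authorization header for the cleanup call is added to `request` (the earlier POST) instead of `deleteRequest`, so the DELETE goes out without credentials and the 204 assertion can only pass if the endpoint accepts an unauthenticated delete. It should read `deleteRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password));`. The context lines show the same slip for the update: the entity is set on `request` while `updateRequest` is the one executed, so the asserted 400 may come from an empty update rather than from the validation under test. A negative test that passes for the wrong reason gives no assurance about the FAPI checks it is named after. The method begins outside the hunk.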
From: sachinisiriwardene Date: Thu, 2 Nov 2023 14:08:36 +0530 Subject: [PATCH 16/25] change error message (cherry picked from commit eb249c08d36c695bc165e16f86a8d326a5bfcc0d) --- .../test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 68438c5a315..5ceb15cd7bd 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -185,6 +185,6 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er HttpResponse deleteResponse = client.execute(deleteRequest); assertEquals(deleteResponse.getStatusLine().getStatusCode(), 204, "Service provider " + - "deleted successfully"); + "deletion failed"); } } From eedca72db17796f7923cb24f7c4ad4939ee89c10 Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Fri, 3 Nov 2023 14:15:27 +0530 Subject: [PATCH 17/25] change application name to be common (cherry picked from commit d22d6bfc8a18e88429091d929bd0f2dedc16e5db) --- .../test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java | 1 - .../src/test/resources/registration-requests/request1.json | 2 +- .../src/test/resources/registration-requests/request2.json | 2 +- .../src/test/resources/registration-requests/request3.json | 2 +- .../src/test/resources/registration-requests/request4.json | 2 +- .../src/test/resources/registration-requests/request5.json | 2 +- .../src/test/resources/registration-requests/request8.json | 2 +- 7 files changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 5ceb15cd7bd..15e92213ca4 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -17,7 +17,6 @@ */ package org.wso2.identity.integration.test.oauth2.dcrm.api; -import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.http.HttpHeaders; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json index faee6bb47a1..8dee4eee169 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json 
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestsTokenAuthInvalid", + "client_name": "TestAdditionalProperties", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json index cc7768bd4a4..7636a766265 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestsSignatureAlgoInvalid", + "client_name": "TestAdditionalProperties", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json index 41eddec7421..d9913c5e574 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestsInvalidEncryption", + "client_name": "TestAdditionalProperties", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json index 4a786004dd1..4d7a683a357 100644 
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abcd/redirect2" ], - "client_name": "TestsSSAInvalid", + "client_name": "TestAdditionalProperties", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json index 54e9f15c17b..a30b75e82fd 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect" ], - "client_name": "TestsSSAInvalid", + "client_name": "TestAdditionalProperties", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json index a587fa05128..ec0bacf4d86 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json @@ -2,7 +2,7 @@ "redirect_uris": [ "https://abc/redirect1" ], - "client_name": "TestInvalidSSA", + "client_name": "TestAdditionalProperties", "grant_types": [ "authorization_code", From faf21c92b1e58893d0f3d22beb53b5b32e601ef0 Mon Sep 17 00:00:00 2001 
From: sachinisiriwardene Date: Sun, 5 Nov 2023 21:54:04 +0530 Subject: [PATCH 18/25] fix test failures (cherry picked from commit 95871e089018cebf844212460f63c756adf504cd) --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 15e92213ca4..89b6e02dd01 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -150,8 +150,11 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er // Create application. HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); - JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); - + JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); + // Removing sending sector identifier uri to validate error message during update request. + if (errorMessage.equals("Sector identifier URI is needed for PPID calculation")) { + registerRequestJSON.remove("sector_identifier_uri"); + } request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); StringEntity entity = new StringEntity(registerRequestJSON.toJSONString()); 
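Review bot: The registration fixture is now altered by comparing `errorMessage` with the literal "Sector identifier URI is needed for PPID calculation", so the setup depends on the server's exact wording. If that text changes, the branch silently stops removing `sector_identifier_uri` and the row fails for an unrelated reason. Carrying the setup choice in the data provider (an extra boolean column, for example), or at least sharing one constant between the provider and this check, would make the dependency explicit. The comment would also read more clearly as `// Omit sector_identifier_uri at registration so the update request triggers the PPID validation error.` The method body continues outside the hunk.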
@@ -166,22 +169,21 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er // Check error scenarios for update request. HttpPut updateRequest = new HttpPut(DCRUtils.getPath(tenant) + client_id); - request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); - request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); + updateRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); + updateRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); entity = new StringEntity(requestJSON.toJSONString()); - request.setEntity(entity); - response = client.execute(updateRequest); + updateRequest.setEntity(entity); - assertEquals(response.getStatusLine().getStatusCode(), 400, "Service Provider should " + + HttpResponse updateResponse = client.execute(updateRequest); + assertEquals(updateResponse.getStatusLine().getStatusCode(), 400, "Service Provider should " + "not be created successfully"); - JSONObject errorResponse = DCRUtils.getPayload(response); + JSONObject errorResponse = DCRUtils.getPayload(updateResponse); assertEquals(errorResponse.get("error"), errorCode); assertEquals(errorResponse.get("error_description"), errorMessage); // Delete application. HttpDelete deleteRequest = new HttpDelete(DCRUtils.getPath(tenant) + client_id); - request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); - + deleteRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse deleteResponse = client.execute(deleteRequest); assertEquals(deleteResponse.getStatusLine().getStatusCode(), 204, "Service provider " + "deletion failed"); From cd98f8debe13f5d9e5182339aaf0d86465bc0743 Mon Sep 17 00:00:00 2001 
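Review bot: The delete at the end of the method runs only when every assertion before it passes, so a failed 400 or `error_description` check leaves the registered client on the server, and the next data-provider row may then fail at registration rather than at the check it is meant to exercise. Put the update assertions in a `try` block and the `HttpDelete` call in its `finally`, so that cleanup is unconditional. `client_id` is also an instance field that every row overwrites; a local variable would keep the rows independent of each other. The method starts outside the hunk.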
From: sachinisiriwardene Date: Mon, 20 Nov 2023 00:45:41 +0530 Subject: [PATCH 19/25] change application name for error scenarios --- .../src/test/resources/registration-requests/request1.json | 2 +- .../src/test/resources/registration-requests/request2.json | 2 +- .../src/test/resources/registration-requests/request3.json | 2 +- .../src/test/resources/registration-requests/request4.json | 2 +- .../src/test/resources/registration-requests/request5.json | 2 +- .../src/test/resources/registration-requests/request8.json | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json index 8dee4eee169..5bb8611ff26 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json index 7636a766265..2d6885bafd1 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "client_credentials" 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json index d9913c5e574..003d63bd6ee 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect2" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json index 4d7a683a357..f590645a7a0 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json @@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abcd/redirect2" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json index a30b75e82fd..44c869fc6ba 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json 
@@ -3,7 +3,7 @@ "https://abc/redirect1", "https://abc/redirect" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "client_credentials" diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json index ec0bacf4d86..4bd9ac60e91 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json @@ -2,7 +2,7 @@ "redirect_uris": [ "https://abc/redirect1" ], - "client_name": "TestAdditionalProperties", + "client_name": "TestErrorScenarios", "grant_types": [ "authorization_code", From 527e1e413d999e8680b361c55bc245d422dee210 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Fri, 8 Dec 2023 12:35:06 +0530 Subject: [PATCH 20/25] send tls_client_certificate_bound_access_tokens in dcr requests --- .../src/test/resources/registration-requests/request1.json | 3 ++- .../src/test/resources/registration-requests/request2.json | 3 ++- .../src/test/resources/registration-requests/request3.json | 3 ++- .../src/test/resources/registration-requests/request4.json | 3 ++- .../src/test/resources/registration-requests/request5.json | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json index 5bb8611ff26..3a5ce5495fa 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json 
@@ -23,5 +23,6 @@ "require_pushed_authorization_requests" : true, "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", - "request_object_encryption_enc" : "A128GCM" + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens" : true } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json index 2d6885bafd1..f801bfdaa32 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json @@ -23,5 +23,6 @@ "require_pushed_authorization_requests" : true, "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", - "request_object_encryption_enc" : "A128GCM" + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens" : true } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json index 003d63bd6ee..33f37da699b 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json @@ -23,5 +23,6 @@ "require_pushed_authorization_requests" : true, "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", - "request_object_encryption_enc" : "A128GCM" + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens" : true } 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json index f590645a7a0..8e64738a269 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request4.json @@ -22,5 +22,6 @@ "require_pushed_authorization_requests" : true, "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", - "request_object_encryption_enc" : "A128GCM" + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens" : true } diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json index 44c869fc6ba..fc9a10999a9 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json @@ -23,5 +23,6 @@ "require_pushed_authorization_requests" : true, "subject_type" : "pairwise", "request_object_encryption_alg" : "RSA-OAEP", - "request_object_encryption_enc" : "A128GCM" + "request_object_encryption_enc" : "A128GCM", + "tls_client_certificate_bound_access_tokens" : true } From e1567be5767895aa47afca73de25609ca3488500 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 1 Jan 2024 22:28:51 +0530 Subject: [PATCH 21/25] address pr comments --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 14 ++++--- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 42 ++++++++++++------- .../dcrm/api/util/OAuthDCRMConstants.java | 2 +- 3 files changed, 37 insertions(+), 21 deletions(-) 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index 89b6e02dd01..fa5bbdbb412 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -1,5 +1,5 @@ -/* - * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. +/** + * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com/). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except @@ -129,7 +129,7 @@ private void changeISConfiguration() throws Exception { description = "Check FAPI validations, PPID and SSA during DCR", dataProvider = "dcrConfigProvider") public void validateErrorScenarios(JSONObject requestJSON, String errorCode, String errorMessage) throws Exception { - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); StringEntity entity = new StringEntity(requestJSON.toJSONString()); 
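Review bot: `getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)` is written out in full at every call site in this patch (the remaining hunks of this file and all of the OAuthDCRMTestCase.java hunks), each with a stray space before the comma and several producing very long lines. A private helper in each class, e.g. `private String dcrEndpoint() { return getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART, tenant); }` (with whatever `throws` clause that method needs), would keep the URL construction in one place. Call sites that append `client_id` directly depend on the returned URL ending in `/`, which cannot be seen from these hunks and is worth confirming, since a malformed path would turn the invalid-client-id tests into false passes. The enclosing method continues outside the hunk.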
@@ -149,7 +149,7 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er throws Exception { // Create application. - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); // Removing sending sector identifier uri to validate error message during update request. if (errorMessage.equals("Sector identifier URI is needed for PPID calculation")) { @@ -168,7 +168,8 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er assertNotNull(client_id, "client_id cannot be null"); // Check error scenarios for update request. - HttpPut updateRequest = new HttpPut(DCRUtils.getPath(tenant) + client_id); + HttpPut updateRequest = new HttpPut(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , + tenant) + client_id); updateRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); updateRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); entity = new StringEntity(requestJSON.toJSONString()); @@ -182,7 +183,8 @@ public void validateErrorScenariosForDCRUpdate(JSONObject requestJSON, String er assertEquals(errorResponse.get("error_description"), errorMessage); // Delete application. - HttpDelete deleteRequest = new HttpDelete(DCRUtils.getPath(tenant) + client_id); + HttpDelete deleteRequest = new HttpDelete(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , + tenant) + client_id); deleteRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse deleteResponse = client.execute(deleteRequest); assertEquals(deleteResponse.getStatusLine().getStatusCode(), 204, "Service provider " + 
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 72227b6215a..40c3c4408a2 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -74,6 +74,7 @@ public OAuthDCRMTestCase(TestUserMode userMode) throws Exception { public static Object[][] dcrmConfigProvider() { return new Object[][]{{TestUserMode.SUPER_TENANT_ADMIN}, {TestUserMode.TENANT_ADMIN}}; } + @BeforeClass(alwaysRun = true) public void testInit() throws Exception { super.init(); @@ -81,7 +82,8 @@ public void testInit() throws Exception { } @Test(alwaysRun = true, groups = "wso2.is", priority = 1, description = "Create a service provider successfully") public void testCreateServiceProviderRequest() throws IOException { - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); 
@@ -118,7 +120,8 @@ public void testCreateServiceProviderRequest() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 2, description = "Create a service provider with already registered client name") public void testCreateServiceProviderRequestWithExistingClientName() throws IOException { - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); @@ -154,7 +157,7 @@ public void testCreateServiceProviderRequestWithExistingClientName() throws IOEx @Test(alwaysRun = true, groups = "wso2.is", priority = 3, description = "Read service provider") public void testReadServiceProvider() throws IOException { - HttpGet request = new HttpGet(DCRUtils.getPath(tenant) + client_id); + HttpGet request = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)+ client_id); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); @@ -172,7 +175,8 @@ public void testReadServiceProvider() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 4, description = "Read request with an invalid client ID") public void testReadServiceProviderWithInvalidClientID() throws IOException { - HttpGet request = new HttpGet(DCRUtils.getPath(tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); + + HttpGet request = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); 
@@ -185,7 +189,8 @@ public void testReadServiceProviderWithInvalidClientID() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 5, description = "Delete Service Provider") public void testDeleteServiceProvider() throws IOException { - HttpDelete request = new HttpDelete(DCRUtils.getPath(tenant) + client_id); + HttpDelete request = new HttpDelete(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , + tenant) + client_id); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse response = client.execute(request); @@ -194,7 +199,8 @@ public void testDeleteServiceProvider() throws IOException { EntityUtils.consume(response.getEntity()); - HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + HttpGet getRequest = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + + client_id); getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); @@ -209,7 +215,9 @@ public void testDeleteServiceProvider() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", priority = 6, description = "Delete service provider request with " + "invalid client id") public void testDeleteRequestWithInvalidClientID() throws IOException { - HttpDelete request = new HttpDelete(DCRUtils.getPath(tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); + + HttpDelete request = new HttpDelete(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , + tenant) + OAuthDCRMConstants.INVALID_CLIENT_ID); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); HttpResponse response = client.execute(request); 
@@ -222,7 +230,8 @@ public void testDeleteRequestWithInvalidClientID() throws IOException { @Test(alwaysRun = true, groups = "wso2.is", description = "Try to register an OAuth app with authorization_code " + "grant without any redirect uris.", priority = 7) public void testRegisterAppWithAuthzCodeGrantAndNoRedirectUris() throws IOException { - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); DCRUtils.setRequestHeaders(request, username, password); JSONArray grantTypes = new JSONArray(); @@ -246,6 +255,7 @@ public void testRegisterAppWithAuthzCodeGrantAndNoRedirectUris() throws IOExcept @Test(alwaysRun = true, groups = "wso2.is", priority = 8, description = "Check whether created service providers " + "are cleaned up when OAuth app creation fails.") public void testRollbackOnInvalidRequest() throws IOException { + // Basic Request JSONArray grantTypes = new JSONArray(); grantTypes.add(OAuthDCRMConstants.GRANT_TYPE_AUTHORIZATION_CODE); @@ -255,7 +265,8 @@ public void testRollbackOnInvalidRequest() throws IOException { requestBody.put(OAuthDCRMConstants.GRANT_TYPES, grantTypes); //////////////////////// BAD REQUEST WITH EMPTY REDIRECT URI /////////////////////////// - HttpPost badRequestWithoutRedirectUris = new HttpPost(DCRUtils.getPath(tenant)); + HttpPost badRequestWithoutRedirectUris = new HttpPost(getTenantQualifiedURL( + OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); DCRUtils.setRequestHeaders(badRequestWithoutRedirectUris, username, password); // We keep the redirect uris empty to make this a bad request. JSONObject badRequestBody = (JSONObject) requestBody.clone(); 
@@ -269,7 +280,7 @@ public void testRollbackOnInvalidRequest() throws IOException { EntityUtils.consume(failedResponse.getEntity()); ///////////////// VALID REQUEST WITH THE SAME CLIENT_NAME /////////////////////////// - HttpPost validRequest = new HttpPost(DCRUtils.getPath(tenant)); + HttpPost validRequest = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); DCRUtils.setRequestHeaders(validRequest, username, password); JSONArray redirectURIs = new JSONArray(); @@ -297,7 +308,7 @@ public void testRollbackOnInvalidRequest() throws IOException { "additional OIDC properties") public void testCreateServiceProviderRequestWithAdditionalParameters() throws Exception { - HttpPost request = new HttpPost(DCRUtils.getPath(tenant)); + HttpPost request = new HttpPost(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant)); JSONObject registerRequestJSON = DCRUtils.getRegisterRequestJSON("request6.json"); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); @@ -320,7 +331,8 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree( registerRequestJSON.toJSONString()), "Response payload should be equal."); - HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + HttpGet getRequest = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + + client_id); getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); 
@@ -342,7 +354,8 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex "additional OIDC properties") public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Exception { - HttpPut request = new HttpPut(DCRUtils.getPath(tenant) + client_id); + HttpPut request = new HttpPut(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + + client_id); request.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); JSONObject updateRequestPayload = DCRUtils.getRegisterRequestJSON("request7.json"); @@ -365,7 +378,8 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Ex mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); // Verify that updated attribute is correctly returned by retrieving data. - HttpGet getRequest = new HttpGet(DCRUtils.getPath(tenant) + client_id); + HttpGet getRequest = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + + client_id); getRequest.addHeader(HttpHeaders.AUTHORIZATION, DCRUtils.getAuthzHeader(username, password)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java index f690e4e1bf5..7a7ea8f4b4a 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/OAuthDCRMConstants.java 
@@ -18,7 +18,7 @@ package org.wso2.identity.integration.test.oauth2.dcrm.api.util; public class OAuthDCRMConstants { - public static final String DCR_ENDPOINT_HOST_PART = "https://localhost:9853"; + public static final String DCR_ENDPOINT_HOST_PART = "https://localhost:9853/api/identity/oauth2/dcr/v1.1/register/"; public static final String DCR_ENDPOINT_PATH_PART = "/api/identity/oauth2/dcr/v1.1/register/"; public static final String CLIENT_NAME = "client_name"; public static final String GRANT_TYPES = "grant_types"; From d0f6e2689a7c11165c8f24e2c5610284d3e47195 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Mon, 1 Jan 2024 22:40:07 +0530 Subject: [PATCH 22/25] address pr comments --- .../test/oauth2/dcrm/api/util/DCRUtils.java | 12 ++---------- .../identity/scenarios/sso/test/dcr/DCRTestCase.java | 2 +- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java index 8e6252ee634..8b7fabffba1 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java @@ -25,6 +25,7 @@ import org.json.simple.JSONObject; import org.json.simple.JSONValue; import org.json.simple.parser.JSONParser; +import org.wso2.identity.integration.test.utils.OAuth2Constant; import java.io.BufferedReader; import java.io.FileNotFoundException; 
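Review bot: `DCR_ENDPOINT_HOST_PART` now holds the full registration URL including the path, so its name no longer describes its value, and `DCR_ENDPOINT_PATH_PART` on the next line still carries the same path. DCRUtils.getPath, which is only removed in patch 22/25, builds its result as `DCR_ENDPOINT_HOST_PART + DCR_ENDPOINT_PATH_PART`, so until then any remaining caller gets a URL with the path doubled. A separate constant would avoid both problems, for example `public static final String DCR_ENDPOINT = "https://localhost:9853/api/identity/oauth2/dcr/v1.1/register/";`, with the host constant left unchanged or both parts dropped once nothing uses them.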
@@ -78,18 +79,9 @@ public static void setRequestHeaders(HttpPost request, String username, String p request.addHeader(HttpHeaders.CONTENT_TYPE, OAuthDCRMConstants.CONTENT_TYPE); } - public static String getPath(String tenant) { - - if (tenant.equals("carbon.super")) { - return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + OAuthDCRMConstants.DCR_ENDPOINT_PATH_PART; - } else { - return OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART + "/t/" + tenant + OAuthDCRMConstants - .DCR_ENDPOINT_PATH_PART; - } - } public static String getAuthzHeader(String username, String password) { - return "Basic " + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); + return OAuth2Constant.BASIC_HEADER + Base64.encodeBase64String((username + ":" + password).getBytes()).trim(); } public static JSONObject getPayload(HttpResponse response) throws IOException { diff --git a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java index c33c7a6312e..4dfd8d0fb4c 100644 --- a/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java +++ b/product-scenarios/4-single-sign-on/4.1-sso-for-web-app/4.1.4-sso-with-oidc/4.1.4.1-dcr/src/test/java/org/wso2/identity/scenarios/sso/test/dcr/DCRTestCase.java @@ -98,7 +98,7 @@ private static Object[][] dcrConfigProvider() throws Exception { getRegisterRequestJSON("request2.json"), getUpdateRequestJSON("request2.json"), ADMIN_USERNAME, ADMIN_PASSWORD, SUPER_TENANT_DOMAIN } - }; + }; } @BeforeClass(alwaysRun = true) From 8eab0d7cb5644f4374bafe60fc7a4549a08a6a43 Mon Sep 17 00:00:00 2001 
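Review bot: In getAuthzHeader the credentials are still encoded with `(username + ":" + password).getBytes()`, which uses the JVM's default charset, so a non-ASCII user name or password yields a different Authorization header depending on where the tests run. Pass the charset explicitly, `Base64.encodeBase64String((username + ":" + password).getBytes(StandardCharsets.UTF_8))`, and import `java.nio.charset.StandardCharsets`. Separately, `OAuth2Constant.BASIC_HEADER` is `"Basic"` with no trailing space until patch 25/25 changes it, so at this commit the header is built without the separator and the series does not bisect cleanly.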
From: sachinisiriwardene Date: Wed, 20 Mar 2024 12:10:03 +0530 Subject: [PATCH 23/25] change year in license header --- .../test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index fa5bbdbb412..a2acceadf6f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java @@ -1,5 +1,5 @@ /** - * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com/). + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com/). * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except From 4be99dca8a914eaa6e9466f14e6e9303be025fc9 Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Wed, 20 Mar 2024 13:40:20 +0530 Subject: [PATCH 24/25] change year in license header --- .../integration/test/oauth2/dcrm/api/util/DCRUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java index 8b7fabffba1..4c0c88f3c27 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java 
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/util/DCRUtils.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. + * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com) All Rights Reserved. * * WSO2 LLC. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except From fe0b64d9ccc3a02663cf3f0b7ad0e5f711dbcb0a Mon Sep 17 00:00:00 2001 From: sachinisiriwardene Date: Tue, 2 Apr 2024 08:59:58 +0530 Subject: [PATCH 25/25] fix failing tests --- .../dcrm/api/FAPIDCRValidationsTestCase.java | 3 ++- .../oauth2/dcrm/api/OAuthDCRMTestCase.java | 21 ------------------- .../test/utils/OAuth2Constant.java | 2 +- .../registration-requests/request1.json | 2 +- .../registration-requests/request2.json | 2 +- .../registration-requests/request3.json | 2 +- .../registration-requests/request5.json | 2 +- .../registration-requests/request6.json | 4 ++-- .../registration-requests/request7.json | 2 +- .../registration-requests/request8.json | 2 +- 10 files changed, 11 insertions(+), 31 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java index a2acceadf6f..75bc1e558e9 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/FAPIDCRValidationsTestCase.java 
@@ -99,7 +99,8 @@ private static Object[][] dcrConfigProvider() throws Exception { }, { DCRUtils.getRegisterRequestJSON("request4.json"), INVALID_CLIENT_METADATA, - "Sector identifier URI is needed for PPID calculation" + "Sector Identifier URI is mandatory if multiple redirect URIs with different" + + "hostnames are configured." }, { DCRUtils.getRegisterRequestJSON("request5.json"), INVALID_CLIENT_METADATA, diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java index 40c3c4408a2..e95318d1672 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/oauth2/dcrm/api/OAuthDCRMTestCase.java @@ -324,12 +324,6 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex client_id = ((JSONObject) createResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); - createResponsePayload.remove("client_id"); - createResponsePayload.remove("client_secret"); - createResponsePayload.remove("client_secret_expires_at"); - createResponsePayload.remove("software_statement"); - assertEquals(mapper.readTree(createResponsePayload.toJSONString()), mapper.readTree( - registerRequestJSON.toJSONString()), "Response payload should be equal."); HttpGet getRequest = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) + client_id); 
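Review bot: The expected message added in dcrConfigProvider is split as `"...with different" + "hostnames are configured."`, which concatenates to `differenthostnames` with no space. If the assertion that consumes this value compares the full text, the test passes only because the server message carries the same typo, and it will break when that message is corrected. If the string is meant to be readable text, add the space on the first half: `"Sector Identifier URI is mandatory if multiple redirect URIs with different " +`. The consuming assertion is outside the hunk, so which case applies cannot be told from here.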
@@ -339,15 +333,6 @@ public void testCreateServiceProviderRequestWithAdditionalParameters() throws Ex HttpResponse getResponse = client.execute(getRequest); assertEquals(getResponse.getStatusLine().getStatusCode(), 200, "Service provider request " + "has not returned with successful response"); - - JSONObject getResponsePayload = DCRUtils.getPayload(getResponse); - getResponsePayload.remove("client_id"); - getResponsePayload.remove("client_secret"); - getResponsePayload.remove("client_secret_expires_at"); - getResponsePayload.remove("software_statement"); - - assertEquals(mapper.readTree(getResponsePayload.toJSONString()), mapper.readTree( - registerRequestJSON.toJSONString()), "Response payload should be equal."); } @Test(alwaysRun = true, groups = "wso2.is", priority = 10, description = "Create a service provider with " + @@ -370,12 +355,6 @@ public void testUpdateServiceProviderRequestWithAdditionalParameters() throws Ex JSONObject updateResponsePayload = DCRUtils.getPayload(response); client_id = ((JSONObject) updateResponsePayload).get("client_id").toString(); assertNotNull(client_id, "client_id cannot be null"); - updateResponsePayload.remove("client_id"); - updateResponsePayload.remove("client_secret"); - updateResponsePayload.remove("client_secret_expires_at"); - updateResponsePayload.remove("software_statement"); - assertEquals(mapper.readTree(updateResponsePayload.toJSONString()), - mapper.readTree(updateRequestPayload.toJSONString()), "Response payload should be equal."); // Verify that updated attribute is correctly returned by retrieving data. HttpGet getRequest = new HttpGet(getTenantQualifiedURL(OAuthDCRMConstants.DCR_ENDPOINT_HOST_PART , tenant) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/utils/OAuth2Constant.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/utils/OAuth2Constant.java index 67434f4c365..6a79a049de7 100644 
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/utils/OAuth2Constant.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/identity/integration/test/utils/OAuth2Constant.java @@ -89,7 +89,7 @@ public final class OAuth2Constant { public static final String GRANT_TYPE_NAME = "grant_type"; public static final String AUTHORIZATION_CODE_NAME = "code"; public static final String REDIRECT_URI_NAME = "redirect_uri"; - public static final String BASIC_HEADER = "Basic"; + public static final String BASIC_HEADER = "Basic "; public static final String INVALID_GRANT_ERROR = "invalid_grant"; public static final String SESSION_DATA_KEY_CONSENT = "sessionDataKeyConsent"; public static final String SESSION_DATA_KEY = "sessionDataKey"; diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json index 3a5ce5495fa..a6b87fab489 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request1.json @@ -13,7 +13,7 @@ "backchannel_logout_session_required": true, "token_endpoint_auth_method": "client_secret", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM", 
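Review bot: Changing the shared `BASIC_HEADER` to `"Basic "` alters every existing user of the constant, not only DCRUtils.getAuthzHeader. The call sites are outside this hunk; any that already add their own separator, such as `BASIC_HEADER + " " + token`, would now send two spaces after the scheme, so they should be checked in the same change. A comment on the constant would make the contract explicit: `// Includes the trailing space; append the Base64 credentials directly.`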
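Review bot: The new `sector_identifier_uri` in request1.json points at a file in a personal gist on gist.githubusercontent.com, and the same value is added in request2.json, request3.json, request5.json, request7.json and request8.json. If the server under test fetches this URI while validating the registration, which the error text in FAPIDCRValidationsTestCase suggests but does not prove, the integration tests depend on outbound network access and on third-party content the project does not control. The raw URL is pinned to a revision, which limits silent changes, but deleting the gist or building offline would still fail the suite. Serving the redirect-URI list from a stub endpoint started by the test, or from a project-owned host, would remove that dependency.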
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json index f801bfdaa32..40aad0d6333 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request2.json @@ -13,7 +13,7 @@ "backchannel_logout_session_required": true, "token_endpoint_auth_method": "tls_client_auth", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "RS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json index 33f37da699b..7fa3861dc37 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request3.json 
@@ -13,7 +13,7 @@ "backchannel_logout_session_required": true, "token_endpoint_auth_method": "tls_client_auth", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A128GCM", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json index fc9a10999a9..7f4e22b15f9 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request5.json @@ -13,7 +13,7 @@ "backchannel_logout_session_required": true, "token_endpoint_auth_method": "tls_client_auth", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json index 4315214b7b2..01e10c5cf22 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json 
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request6.json @@ -1,6 +1,7 @@ { "redirect_uris": [ - "https://abc/redirect1" + "https://abc/redirect1", + "https://abc/redirect2" ], "client_name": "TestAdditionalProperties", @@ -11,7 +12,6 @@ "jwks_uri": "https://localhost/jwks", "token_endpoint_auth_method": "private_key_jwt", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json index c87580340af..b4cbc66c273 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request7.json @@ -11,7 +11,7 @@ "jwks_uri": "https://localhost/jwks", "token_endpoint_auth_method": "tls_client_auth", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM", diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json index 4bd9ac60e91..2e6910665c1 100644 
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/registration-requests/request8.json @@ -12,7 +12,7 @@ "software_statement": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik1ESmxOakl4TjJFMU9HWmxPR1ZtTUdReE9URmxNekJtTm1GalpqUTBZMll3T0dZME4ySTBZekU0WXpaak5qUmhZbVJtTW1RME9EZGlORGhqTUdFd01BX1JTMjccdU2IiwidHlwIjoiSldUIn0.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.H_9zUiJnaGxdCW1hY16IpRVRdVwZTeoKG3t8NrQ5t_VAF4OPIhz1rhJgE117Z-MA6rVOhs3qXe-3-qswm9uEPR5El3qGfumCcmrKouh7xfE8NJo65Ox947cDgPVfY2RmdIJ5snZHZaw66Ty0iy0x57RSQCjMBkKzJGxG_uv6usS6TLCz_Z7sYl0aZ_SORlg2OWCMJ-LspPCfqzh09_eIuP2_2n9rW6-98kz7MebP4rPJn4wdUtHLc_noMydey6MCOZCMOl4wXbkbvZxMq2oRtoV_VYPkgs1lzGobE5OgAX4UKMk9jOKJkhD-k6AENG35Z1_U2K9kdhpXLwCJwzJbfg", "token_endpoint_auth_method": "private_key_jwt", "token_endpoint_auth_signing_alg" : "PS256", - "sector_identifier_uri" : "https://mocki.io/v1/04b49547-0ae2-4049-8d1c-42648e633001", + "sector_identifier_uri" : "https://gist.githubusercontent.com/SachiniSiriwardene/87efb254413da5fed5610deb7e1b9261/raw/d817580c8d4810fa01d31312fff16c33a4816c1f/redirecturi.json", "id_token_signed_response_alg" : "PS256", "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A128GCM",