Sync with SVN

Client/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.xdi</groupId>
         <artifactId>oxauth</artifactId>
-        <version>1.1.0.Final</version>
+        <version>1.2.0.Final</version>
     </parent>
 
     <prerequisites>

Client/src/main/java/org/xdi/oxauth/client/model/authorize/IdTokenMember.java

@@ -39,18 +39,14 @@ public JSONObject toJSONObject() throws JSONException {
         JSONObject obj = new JSONObject();
 
         if (claims != null && !claims.isEmpty()) {
-            JSONObject claimsObj = new JSONObject();
-
             for (Claim claim : claims) {
                 JSONObject claimValue = claim.getClaimValue().toJSONObject();
                 if (claimValue == null) {
-                    claimsObj.put(claim.getName(), JSONObject.NULL);
+                    obj.put(claim.getName(), JSONObject.NULL);
                 } else {
-                    claimsObj.put(claim.getName(), claimValue);
+                    obj.put(claim.getName(), claimValue);
                 }
             }
-
-            obj.put("claims", claimsObj);
         }
         if (maxAge != null) {
             obj.put("max_age", maxAge);

Client/src/main/java/org/xdi/oxauth/client/model/authorize/JwtAuthorizationRequest.java

@@ -598,11 +598,17 @@ protected JSONObject payloadToJSONObject() throws JSONException {
                 obj.put("registration", registration);
             }
 
-            if (userInfoMember != null) {
-                obj.put("userinfo", userInfoMember.toJSONObject());
-            }
-            if (idTokenMember != null) {
-                obj.put("id_token", idTokenMember.toJSONObject());
+            if (userInfoMember != null || idTokenMember != null) {
+                JSONObject claimsObj = new JSONObject();
+
+                if (userInfoMember != null) {
+                    claimsObj.put("userinfo", userInfoMember.toJSONObject());
+                }
+                if (idTokenMember != null) {
+                    claimsObj.put("id_token", idTokenMember.toJSONObject());
+                }
+
+                obj.put("claims", claimsObj);
             }
         } catch (UnsupportedEncodingException e) {
             e.printStackTrace();

Client/src/main/java/org/xdi/oxauth/client/model/authorize/UserInfoMember.java

@@ -40,18 +40,14 @@ public JSONObject toJSONObject() throws JSONException {
         JSONObject obj = new JSONObject();
 
         if (claims != null && !claims.isEmpty()) {
-            JSONObject claimsObj = new JSONObject();
-
             for (Claim claim : claims) {
                 JSONObject claimValue = claim.getClaimValue().toJSONObject();
                 if (claimValue == null) {
-                    claimsObj.put(claim.getName(), JSONObject.NULL);
+                    obj.put(claim.getName(), JSONObject.NULL);
                 } else {
-                    claimsObj.put(claim.getName(), claimValue);
+                    obj.put(claim.getName(), claimValue);
                 }
             }
-
-            obj.put("claims", claimsObj);
         }
         if (preferredLocales != null && !preferredLocales.isEmpty()) {
             JSONArray arr = new JSONArray();

Client/src/main/java/org/xdi/oxauth/client/uma/wrapper/UmaClient.java

@@ -57,8 +57,6 @@ public static Token request(final String authorizeUrl, final String tokenUrl,
         authorizeClient.setRequest(request);
         AuthorizationResponse response1 = authorizeClient.exec();
 
-        ClientUtils.showClient(authorizeClient);
-
         String scope = response1.getScope();
         String authorizationCode = response1.getCode();
 
@@ -76,7 +74,6 @@ public static Token request(final String authorizeUrl, final String tokenUrl,
             TokenClient tokenClient1 = new TokenClient(tokenUrl);
             tokenClient1.setRequest(tokenRequest);
             TokenResponse response2 = tokenClient1.exec();
-            ClientUtils.showClient(authorizeClient);
 
             if (response2.getStatus() == 200) {
                 final String patToken = response2.getAccessToken();

Client/src/test/java/org/xdi/oxauth/interop/DisplaysPolicyUrlInLoginPage.java → Client/src/test/java/org/xdi/oxauth/interop/DisplaysPolicyUriInLoginPage.java

@@ -21,7 +21,7 @@
  *
  * @author Javier Rojas Blum Date: 08.16.2013
  */
-public class DisplaysPolicyUrlInLoginPage extends BaseTest {
+public class DisplaysPolicyUriInLoginPage extends BaseTest {
 
     @Parameters({"redirectUris", "redirectUri"})
     @Test

Client/src/test/java/org/xdi/oxauth/interop/EnablesDiscovery.java → Client/src/test/java/org/xdi/oxauth/interop/PublishOpenIdConfigurationDiscoveryInformation.java

@@ -7,15 +7,16 @@
 import static org.testng.Assert.assertTrue;
 
 /**
- * OC5:FeatureTest-Enables Discovery
+ * OC5:FeatureTest-Publish openid-configuration Discovery Information
  *
- * @author Javier Rojas Blum Date: 07.27.2013
+ * @author Javier Rojas Blum
+ * @version 0.9, 06/09/2014
  */
-public class EnablesDiscovery extends BaseTest {
+public class PublishOpenIdConfigurationDiscoveryInformation extends BaseTest {
 
     @Test
-    public void enablesDiscovery() {
-        showTitle("OC5:FeatureTest-Enables Discovery");
+    public void publishOpenIdConfigurationDiscoveryInformation() {
+        showTitle("OC5:FeatureTest-Publish openid-configuration Discovery Information");
 
         assertTrue(StringUtils.isNotBlank(authorizationEndpoint));
         assertTrue(StringUtils.isNotBlank(tokenEndpoint));

Client/src/test/java/org/xdi/oxauth/interop/SupportRequestObjectSpecifyingSubValue.java

@@ -0,0 +1,200 @@
+package org.xdi.oxauth.interop;
+
+import org.apache.http.client.CookieStore;
+import org.apache.http.impl.client.BasicCookieStore;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+import org.xdi.oxauth.BaseTest;
+import org.xdi.oxauth.client.*;
+import org.xdi.oxauth.client.model.authorize.Claim;
+import org.xdi.oxauth.client.model.authorize.ClaimValue;
+import org.xdi.oxauth.client.model.authorize.JwtAuthorizationRequest;
+import org.xdi.oxauth.dev.HostnameVerifierType;
+import org.xdi.oxauth.model.authorize.AuthorizeErrorResponseType;
+import org.xdi.oxauth.model.common.Prompt;
+import org.xdi.oxauth.model.common.ResponseType;
+import org.xdi.oxauth.model.crypto.signature.RSAPublicKey;
+import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.xdi.oxauth.model.jws.RSASigner;
+import org.xdi.oxauth.model.jwt.Jwt;
+import org.xdi.oxauth.model.jwt.JwtClaimName;
+import org.xdi.oxauth.model.jwt.JwtHeaderName;
+import org.xdi.oxauth.model.register.ApplicationType;
+import org.xdi.oxauth.model.util.StringUtils;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertTrue;
+
+/**
+ * OC5:FeatureTest-Support Request Object Specifying sub Value
+ * If that user is logged in, the request succeeds, otherwise it fails.
+ *
+ * @author Javier Rojas Blum
+ * @version 0.9, 06/10/2014
+ */
+public class SupportRequestObjectSpecifyingSubValue extends BaseTest {
+
+    @Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "hostnameVerifier"})
+    @Test
+    public void supportRequestObjectSpecifyingSubValueSucceed(
+            final String userId, final String userSecret, final String redirectUri, final String redirectUris,
+            String hostnameVerifier) throws Exception {
+        showTitle("OC5:FeatureTest-Support Request Object Specifying sub Value (succeed)");
+
+        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
+
+        // 1. Register client
+        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
+                StringUtils.spaceSeparatedToList(redirectUris));
+        registerRequest.setResponseTypes(responseTypes);
+
+        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
+        registerClient.setRequest(registerRequest);
+        RegisterResponse registerResponse = registerClient.exec();
+
+        showClient(registerClient);
+        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
+        assertNotNull(registerResponse.getClientId());
+        assertNotNull(registerResponse.getClientSecret());
+        assertNotNull(registerResponse.getRegistrationAccessToken());
+        assertNotNull(registerResponse.getClientIdIssuedAt());
+        assertNotNull(registerResponse.getClientSecretExpiresAt());
+
+        String clientId = registerResponse.getClientId();
+        String clientSecret = registerResponse.getClientSecret();
+
+        DefaultHttpClient httpClient = createHttpClient(HostnameVerifierType.fromString(hostnameVerifier));
+        CookieStore cookieStore = new BasicCookieStore();
+        httpClient.setCookieStore(cookieStore);
+        ClientExecutor clientExecutor = new ApacheHttpClient4Executor(httpClient);
+
+        // 2. Request authorization
+        List<String> scopes = Arrays.asList("openid", "email");
+        String nonce = UUID.randomUUID().toString();
+        String state = "af0ifjsldkj";
+
+        AuthorizationRequest authorizationRequest1 = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+        authorizationRequest1.setAuthUsername(userId);
+        authorizationRequest1.setAuthPassword(userSecret);
+        authorizationRequest1.getPrompts().add(Prompt.NONE);
+        authorizationRequest1.setState(state);
+
+        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest1, SignatureAlgorithm.HS256, clientSecret);
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull()));
+
+        //jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId)));
+
+        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
+        authorizationRequest1.setRequest(authJwt);
+
+        AuthorizeClient authorizeClient1 = new AuthorizeClient(authorizationEndpoint);
+        authorizeClient1.setRequest(authorizationRequest1);
+        AuthorizationResponse authorizationResponse1 = authorizeClient1.exec(clientExecutor);
+
+        assertNotNull(authorizationResponse1.getLocation(), "The location is null");
+        assertNotNull(authorizationResponse1.getAccessToken(), "The accessToken is null");
+        assertNotNull(authorizationResponse1.getTokenType(), "The tokenType is null");
+        assertNotNull(authorizationResponse1.getIdToken(), "The idToken is null");
+        assertNotNull(authorizationResponse1.getState(), "The state is null");
+
+        String idToken = authorizationResponse1.getIdToken();
+        String accessToken = authorizationResponse1.getAccessToken();
+
+        // 3. Validate id_token
+        Jwt jwt = Jwt.parse(idToken);
+        assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
+        assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
+        assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
+
+        RSAPublicKey publicKey = JwkClient.getRSAPublicKey(
+                jwksUri,
+                jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
+        RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
+
+        assertTrue(rsaSigner.validate(jwt));
+
+        // 4. Request user info
+        UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
+        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
+
+        showClient(userInfoClient);
+        assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
+        assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
+    }
+
+    @Parameters({"userId", "userSecret", "redirectUri", "redirectUris"})
+    @Test
+    public void supportRequestObjectSpecifyingSubValueFail(
+            final String userId, final String userSecret, final String redirectUri, final String redirectUris) throws Exception {
+        showTitle("OC5:FeatureTest-Support Request Object Specifying sub Value (fail)");
+
+        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
+
+        // 1. Register client
+        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
+                StringUtils.spaceSeparatedToList(redirectUris));
+        registerRequest.setResponseTypes(responseTypes);
+
+        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
+        registerClient.setRequest(registerRequest);
+        RegisterResponse registerResponse = registerClient.exec();
+
+        showClient(registerClient);
+        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
+        assertNotNull(registerResponse.getClientId());
+        assertNotNull(registerResponse.getClientSecret());
+        assertNotNull(registerResponse.getRegistrationAccessToken());
+        assertNotNull(registerResponse.getClientIdIssuedAt());
+        assertNotNull(registerResponse.getClientSecretExpiresAt());
+
+        String clientId = registerResponse.getClientId();
+        String clientSecret = registerResponse.getClientSecret();
+
+        // 2. Request authorization
+        List<String> scopes = Arrays.asList("openid", "email");
+        String nonce = UUID.randomUUID().toString();
+        String state = "af0ifjsldkj";
+
+        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
+        authorizationRequest.setState(state);
+
+        JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.HS256, clientSecret);
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createNull()));
+        jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createNull()));
+
+        jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId)));
+
+        String authJwt = jwtAuthorizationRequest.getEncodedJwt();
+        authorizationRequest.setRequest(authJwt);
+
+        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
+        authorizeClient.setRequest(authorizationRequest);
+
+        AuthorizationResponse authorizationResponse = authorizeClient.exec();
+
+        showClient(authorizeClient);
+        assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
+        assertNotNull(authorizationResponse.getErrorType(), "The error type is null");
+        assertEquals(authorizationResponse.getErrorType(), AuthorizeErrorResponseType.USER_MISMATCHED);
+        assertNotNull(authorizationResponse.getErrorDescription(), "The error description is null");
+    }
+}

Client/src/test/java/org/xdi/oxauth/interop/SupportWebFingerDiscovery.java

@@ -0,0 +1,23 @@
+package org.xdi.oxauth.interop;
+
+import org.apache.commons.lang.StringUtils;
+import org.testng.annotations.Test;
+import org.xdi.oxauth.BaseTest;
+
+import static org.testng.Assert.assertTrue;
+
+/**
+ * OC5:FeatureTest-Support WebFinger Discovery
+ *
+ * @author Javier Rojas Blum
+ * @version 0.9, 06/09/2014
+ */
+public class SupportWebFingerDiscovery extends BaseTest {
+
+    @Test
+    public void supportWebFingerDiscovery() {
+        showTitle("OC5:FeatureTest-Support WebFinger Discovery");
+
+        assertTrue(StringUtils.isNotBlank(configurationEndpoint));
+    }
+}