feat(jans-auth-server): ssa validation endpoint (#2842)

JanssenProject · Nov 2, 2022 · de8a86e · de8a86e
1 parent 7fc6adb
commit de8a86e
Show file tree

Hide file tree

Showing 26 changed files with 750 additions and 59 deletions.
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/BaseResponse.java b/jans-auth-server/client/src/main/java/io/jans/as/client/BaseResponse.java
@@ -35,7 +35,9 @@ protected BaseResponse(Response clientResponse) {
             if (clientResponse.getLocation() != null) {
                 location = clientResponse.getLocation().toString();
             }
-            entity = clientResponse.readEntity(String.class);
+            if (clientResponse.getEntity() != null) {
+                entity = clientResponse.readEntity(String.class);
+            }
             headers = clientResponse.getMetadata();
         }
     }

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/create/SsaCreateClient.java b/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/create/SsaCreateClient.java
@@ -31,7 +31,8 @@ public String getHttpMethod() {
     }
 
     public SsaCreateResponse execSsaCreate(String accessToken, Long orgId, Long expirationDate, String description,
-                                           String softwareId, List<String> softwareRoles, List<String> grantTypes) {
+                                           String softwareId, List<String> softwareRoles, List<String> grantTypes,
+                                           Boolean oneTimeUse, Boolean rotateSsa) {
         SsaCreateRequest ssaCreateRequest = new SsaCreateRequest();
         ssaCreateRequest.setAccessToken(accessToken);
         ssaCreateRequest.setOrgId(orgId);
@@ -40,6 +41,8 @@ public SsaCreateResponse execSsaCreate(String accessToken, Long orgId, Long expi
         ssaCreateRequest.setSoftwareId(softwareId);
         ssaCreateRequest.setSoftwareRoles(softwareRoles);
         ssaCreateRequest.setGrantTypes(grantTypes);
+        ssaCreateRequest.setOneTimeUse(oneTimeUse);
+        ssaCreateRequest.setRotateSsa(rotateSsa);
         setRequest(ssaCreateRequest);
         return exec();
     }

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateClient.java b/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateClient.java
@@ -0,0 +1,58 @@
+/*
+ * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.as.client.ssa.validate;
+
+import io.jans.as.client.BaseClient;
+import jakarta.ws.rs.HttpMethod;
+import jakarta.ws.rs.client.Invocation.Builder;
+import org.apache.log4j.Logger;
+import org.jetbrains.annotations.NotNull;
+
+public class SsaValidateClient extends BaseClient<SsaValidateRequest, SsaValidateResponse> {
+
+    private static final Logger LOG = Logger.getLogger(SsaValidateClient.class);
+
+    public SsaValidateClient(String url) {
+        super(url);
+    }
+
+    @Override
+    public String getHttpMethod() {
+        return HttpMethod.GET;
+    }
+
+    public SsaValidateResponse execSsaValidate(@NotNull String jti) {
+        SsaValidateRequest ssaGetRequest = new SsaValidateRequest();
+        ssaGetRequest.setJti(jti);
+        setRequest(ssaGetRequest);
+        return exec();
+    }
+
+    public SsaValidateResponse exec() {
+        try {
+            initClient();
+
+            Builder clientRequest = webTarget.request();
+            applyCookies(clientRequest);
+
+            clientRequest.header("Content-Type", request.getContentType());
+            clientRequest.header("jti", request.getJti());
+
+            clientResponse = clientRequest.build(HttpMethod.HEAD).invoke();
+            final SsaValidateResponse res = new SsaValidateResponse(clientResponse);
+            setResponse(res);
+
+        } catch (Exception e) {
+            LOG.error(e.getMessage(), e);
+        } finally {
+            closeConnection();
+        }
+
+        return getResponse();
+    }
+}
+
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateRequest.java b/jans-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateRequest.java
@@ -0,0 +1,35 @@
+/*
+ * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.as.client.ssa.validate;
+
+import io.jans.as.client.BaseRequest;
+import io.jans.as.model.common.AuthorizationMethod;
+import jakarta.ws.rs.core.MediaType;
+
+public class SsaValidateRequest extends BaseRequest {
+
+    private String jti;
+
+    public SsaValidateRequest() {
+        setContentType(MediaType.APPLICATION_JSON);
+        setMediaType(MediaType.APPLICATION_JSON);
+        setAuthorizationMethod(AuthorizationMethod.AUTHORIZATION_REQUEST_HEADER_FIELD);
+    }
+
+    public String getJti() {
+        return jti;
+    }
+
+    public void setJti(String jti) {
+        this.jti = jti;
+    }
+
+    @Override
+    public String getQueryString() {
+        return null;
+    }
+}
diff --git a/...-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateResponse.java b/...-auth-server/client/src/main/java/io/jans/as/client/ssa/validate/SsaValidateResponse.java
@@ -0,0 +1,27 @@
+/*
+ * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.as.client.ssa.validate;
+
+import io.jans.as.client.BaseResponseWithErrors;
+import io.jans.as.model.ssa.SsaErrorResponseType;
+import jakarta.ws.rs.core.Response;
+
+public class SsaValidateResponse extends BaseResponseWithErrors<SsaErrorResponseType> {
+
+    public SsaValidateResponse(Response clientResponse) {
+        super(clientResponse);
+    }
+
+    @Override
+    public SsaErrorResponseType fromString(String p_str) {
+        return SsaErrorResponseType.fromString(p_str);
+    }
+
+    @Override
+    public void injectDataFromJson(String json) {
+    }
+}
diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/BaseTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/BaseTest.java
@@ -14,6 +14,8 @@
 import io.jans.as.client.page.PageConfig;
 import io.jans.as.client.par.ParClient;
 import io.jans.as.client.par.ParRequest;
+import io.jans.as.client.ssa.create.SsaCreateClient;
+import io.jans.as.client.ssa.create.SsaCreateResponse;
 import io.jans.as.model.common.GrantType;
 import io.jans.as.model.common.ResponseMode;
 import io.jans.as.model.common.ResponseType;
@@ -25,6 +27,7 @@
 import io.jans.as.model.crypto.signature.SignatureAlgorithm;
 import io.jans.as.model.error.IErrorType;
 import io.jans.as.model.register.ApplicationType;
+import io.jans.as.model.util.DateUtil;
 import io.jans.as.model.util.SecurityProviderUtility;
 import io.jans.as.model.util.Util;
 import io.jans.util.StringHelper;
@@ -1161,11 +1164,11 @@ public RegisterResponse registerClient(
 
         return registerResponse;
     }
-    
-	public RegisterResponse registerClient(final String redirectUris, final List<ResponseType> responseTypes,
-			final List<GrantType> grantTypes, final String sectorIdentifierUri, final String clientJwksUri,
-			final SignatureAlgorithm signatureAlgorithm, final KeyEncryptionAlgorithm keyEncryptionAlgorithm,
-			final BlockEncryptionAlgorithm blockEncryptionAlgorithm) {
+
+    public RegisterResponse registerClient(final String redirectUris, final List<ResponseType> responseTypes,
+                                           final List<GrantType> grantTypes, final String sectorIdentifierUri, final String clientJwksUri,
+                                           final SignatureAlgorithm signatureAlgorithm, final KeyEncryptionAlgorithm keyEncryptionAlgorithm,
+                                           final BlockEncryptionAlgorithm blockEncryptionAlgorithm) {
         RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app",
                 io.jans.as.model.util.StringUtils.spaceSeparatedToList(redirectUris));
         registerRequest.setResponseTypes(responseTypes);
@@ -1190,7 +1193,7 @@ public RegisterResponse registerClient(final String redirectUris, final List<Res
         AssertBuilder.registerResponse(registerResponse).created().check();
 
         return registerResponse;
-	}
+    }
 
     public AuthorizationResponse authorizationRequest(
             final List<ResponseType> responseTypes, final ResponseMode responseMode, final ResponseMode expectedResponseMode,
@@ -1243,4 +1246,33 @@ public TokenResponse tokenClientCredentialsGrant(String scope, String clientId,
         AssertBuilder.tokenResponse(tokenResponse).ok().check();
         return tokenResponse;
     }
+
+    public SsaCreateResponse createSsaWithDefaultValues(String accessToken, Long orgId, Long expiration, Boolean oneTimeUse) {
+        Long orgIdAux = orgId != null ? orgId : 1000L;
+        String descriptionAux = "test description";
+        String softwareIdAux = "gluu-scan-api";
+        Long expirationAux;
+        if (expiration == null) {
+            Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
+            calendar.add(Calendar.HOUR, 24);
+            expirationAux = DateUtil.dateToUnixEpoch(calendar.getTime());
+        } else {
+            expirationAux = expiration;
+        }
+        List<String> softwareRolesAux = Collections.singletonList("password");
+        List<String> grantTypesAux = Collections.singletonList("client_credentials");
+        return createSsa(accessToken, orgIdAux, expirationAux, descriptionAux, softwareIdAux, softwareRolesAux,
+                grantTypesAux, oneTimeUse, Boolean.TRUE);
+    }
+
+    public SsaCreateResponse createSsa(String accessToken, Long orgId, Long expiration, String description,
+                                       String softwareId, List<String> softwareRoles, List<String> grantTypes,
+                                       Boolean oneTimeUse, Boolean rotateSsa) {
+        SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
+        SsaCreateResponse response = ssaCreateClient.execSsaCreate(accessToken, orgId, expiration, description, softwareId,
+                softwareRoles, grantTypes, oneTimeUse, rotateSsa);
+        showClient(ssaCreateClient);
+        AssertBuilder.ssaCreate(ssaCreateClient.getRequest(), response);
+        return response;
+    }
 }
diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaCreateRestTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaCreateRestTest.java
@@ -48,9 +48,10 @@ public void createSsaValid(final String redirectUris, final String sectorIdentif
         Long expirationDate = DateUtil.dateToUnixEpoch(calendar.getTime());
         String description = "test description";
         String softwareId = "gluu-scan-api";
-        List<String> softwareRoles = Collections.singletonList("passwurd");
+        List<String> softwareRoles = Collections.singletonList("password");
         List<String> ssaGrantTypes = Collections.singletonList("client_credentials");
-        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, expirationDate, description, softwareId, softwareRoles, ssaGrantTypes);
+        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, expirationDate, description,
+                softwareId, softwareRoles, ssaGrantTypes, Boolean.TRUE, Boolean.TRUE);
 
         showClient(ssaCreateClient);
         AssertBuilder.ssaCreate(ssaCreateClient.getRequest(), ssaCreateResponse).check();
@@ -80,9 +81,10 @@ public void createSsaInvalidWithoutScopeAdmin(final String redirectUris, final S
         Long expirationDate = DateUtil.dateToUnixEpoch(calendar.getTime());
         String description = "test description";
         String softwareId = "gluu-scan-api";
-        List<String> softwareRoles = Collections.singletonList("passwurd");
+        List<String> softwareRoles = Collections.singletonList("password");
         List<String> ssaGrantTypes = Collections.singletonList("client_credentials");
-        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, expirationDate, description, softwareId, softwareRoles, ssaGrantTypes);
+        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, expirationDate, description,
+                softwareId, softwareRoles, ssaGrantTypes, Boolean.TRUE, Boolean.TRUE);
 
         showClient(ssaCreateClient);
         AssertBuilder.ssaCreate(ssaCreateClient.getRequest(), ssaCreateResponse)
@@ -110,9 +112,10 @@ public void createSsaValidWithoutExpiration(final String redirectUris, final Str
         Long orgId = 1L;
         String description = "test description";
         String softwareId = "gluu-scan-api";
-        List<String> softwareRoles = Collections.singletonList("passwurd");
+        List<String> softwareRoles = Collections.singletonList("password");
         List<String> ssaGrantTypes = Collections.singletonList("client_credentials");
-        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, null, description, softwareId, softwareRoles, ssaGrantTypes);
+        SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, null, description,
+                softwareId, softwareRoles, ssaGrantTypes, Boolean.FALSE, Boolean.FALSE);
 
         showClient(ssaCreateClient);
         AssertBuilder.ssaCreate(ssaCreateClient.getRequest(), ssaCreateResponse).check();

diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaGetRestTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaGetRestTest.java
@@ -10,7 +10,6 @@
 import io.jans.as.client.RegisterResponse;
 import io.jans.as.client.TokenResponse;
 import io.jans.as.client.client.AssertBuilder;
-import io.jans.as.client.ssa.create.SsaCreateClient;
 import io.jans.as.client.ssa.create.SsaCreateResponse;
 import io.jans.as.client.ssa.get.SsaGetClient;
 import io.jans.as.client.ssa.get.SsaGetResponse;
@@ -48,8 +47,7 @@ public void getSsaSearchByOrgId(final String redirectUris, final String sectorId
         Long orgId1 = 1000L;
         Long orgId2 = 2000L;
         List<Long> ssaCreateOrgId = Arrays.asList(orgId1, orgId1, orgId2);
-        SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        List<String> jtiList = createSsaList(ssaCreateClient, accessToken, ssaCreateOrgId);
+        List<String> jtiList = createSsaList(accessToken, ssaCreateOrgId);
 
         // Ssa get
         SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
@@ -79,8 +77,7 @@ public void getSsaSearchByJti(final String redirectUris, final String sectorIden
         // Create ssa
         Long orgId1 = 1000L;
         List<Long> ssaCreateOrgId = Arrays.asList(orgId1, orgId1);
-        SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        List<String> jtiList = createSsaList(ssaCreateClient, accessToken, ssaCreateOrgId);
+        List<String> jtiList = createSsaList(accessToken, ssaCreateOrgId);
         String jti = jtiList.get(0);
 
         // Ssa get
@@ -112,8 +109,7 @@ public void getSsaSearchByOrgIdAndJti(final String redirectUris, final String se
         Long orgId1 = 1000L;
         Long orgId2 = 2000L;
         List<Long> ssaCreateOrgId = Arrays.asList(orgId1, orgId1, orgId2);
-        SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        List<String> jtiList = createSsaList(ssaCreateClient, accessToken, ssaCreateOrgId);
+        List<String> jtiList = createSsaList(accessToken, ssaCreateOrgId);
         String jti = jtiList.get(0);
 
         // Ssa get
@@ -144,8 +140,7 @@ public void getSsaSearchByJtiNotExits(final String redirectUris, final String se
         // Create ssa
         Long orgId1 = 1000L;
         List<Long> ssaCreateOrgId = Arrays.asList(orgId1, orgId1);
-        SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        List<String> jtiList = createSsaList(ssaCreateClient, accessToken, ssaCreateOrgId);
+        List<String> jtiList = createSsaList(accessToken, ssaCreateOrgId);
         String jti = "jti-not-found";
 
         // Ssa get
@@ -157,14 +152,11 @@ public void getSsaSearchByJtiNotExits(final String redirectUris, final String se
                 .check();
     }
 
-    private List<String> createSsaList(SsaCreateClient ssaCreateClient, String accessToken, List<Long> ssaCreateRequestList) {
+    private List<String> createSsaList(String accessToken, List<Long> ssaCreateRequestList) {
         List<String> jtiList = new ArrayList<>();
         for (int i = 0; i < ssaCreateRequestList.size(); i++) {
             Long orgId = ssaCreateRequestList.get(i);
-            SsaCreateResponse ssaCreateResponse = ssaCreateClient.execSsaCreate(accessToken, orgId, null,
-                    "test description", "gluu-scan-api", Collections.singletonList("passwurd"),
-                    Collections.singletonList("client_credentials"));
-            showClient(ssaCreateClient);
+            SsaCreateResponse ssaCreateResponse = createSsaWithDefaultValues(accessToken, orgId, null, Boolean.TRUE);
             Assert.assertNotNull(ssaCreateResponse, "Ssa create response is null, index: " + i);
             jtiList.add(ssaCreateResponse.getJti());
         }