From fd808b2e4e223a8eb23d7722c9c17fe4cd20d7ca Mon Sep 17 00:00:00 2001
From: pujavs
Date: Wed, 12 Aug 2020 18:34:40 +0530
Subject: [PATCH] API for CIBA #15 and fixes for FIDO2 #14
---
 .gitignore | 2 +-
 .../rest/model/CIBAConfiguration.java | 152 ++++++++++++
 .../ressource/CIBAConfigurationResource.java | 110 +++++++++
 .../rest/ressource/Fido2Resource.java | 59 +++--
 .../oxauthconfigapi/util/ApiConstants.java | 1 +
 src/test/resources/feature/ciba/ciba.feature | 219 ++++++++++++++++++
 src/test/resources/feature/ciba/ciba.json | 14 ++
 .../resources/feature/fido2/dynamiconf.json | 27 +++
 .../resources/feature/fido2/fido2.feature | 27 ++-
 src/test/resources/karate-config.js | 3 +
 src/test/resources/karate-config.js.bak | 105 +++++++++
 11 files changed, 698 insertions(+), 21 deletions(-)
 create mode 100644 src/main/java/org/gluu/oxauthconfigapi/rest/model/CIBAConfiguration.java
 create mode 100644 src/main/java/org/gluu/oxauthconfigapi/rest/ressource/CIBAConfigurationResource.java
 create mode 100644 src/test/resources/feature/ciba/ciba.feature
 create mode 100644 src/test/resources/feature/ciba/ciba.json
 create mode 100644 src/test/resources/feature/fido2/dynamiconf.json
 create mode 100644 src/test/resources/karate-config.js.bak
diff --git a/.gitignore b/.gitignore
index b30fc0cd9b2..2de7168752a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 # Eclipse
 .project
-oxauth-config-api-access.log
+oxauth-config-api-access*.log
 .classpath
 .settings/
 bin/
diff --git a/src/main/java/org/gluu/oxauthconfigapi/rest/model/CIBAConfiguration.java b/src/main/java/org/gluu/oxauthconfigapi/rest/model/CIBAConfiguration.java
new file mode 100644
index 00000000000..10709dff957
--- /dev/null
+++ b/src/main/java/org/gluu/oxauthconfigapi/rest/model/CIBAConfiguration.java
@@ -0,0 +1,152 @@
+package org.gluu.oxauthconfigapi.rest.model;
+
+import java.io.Serializable;
+
+import javax.validation.constraints.Size;
+import javax.validation.constraints.NotBlank;
+
+public class CIBAConfiguration implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @NotBlank
+ @Size(min=1)
+ private String apiKey;
+
+ @NotBlank
+ @Size(min=1)
+ private String authDomain;
+
+ @NotBlank
+ @Size(min=1)
+ private String databaseURL;
+
+ @NotBlank
+ @Size(min=1)
+ private String projectId;
+
+ @NotBlank
+ @Size(min=1)
+ private String storageBucket;
+
+ @NotBlank
+ @Size(min=1)
+ private String messagingSenderId;
+
+ @NotBlank
+ @Size(min=1)
+ private String appId;
+
+ @NotBlank
+ @Size(min=1)
+ private String notificationUrl;
+
+ @NotBlank
+ @Size(min=1)
+ private String notificationKey;
+
+ @NotBlank
+ @Size(min=1)
+ private String publicVapidKey;
+
+ private int cibaGrantLifeExtraTimeSec;
+
+ private int cibaMaxExpirationTimeAllowedSec;
+
+ public String getApiKey() {
+ return apiKey;
+ }
+
+ public void setApiKey(String apiKey) {
+ this.apiKey = apiKey;
+ }
+
+ public String getAuthDomain() {
+ return authDomain;
+ }
+
+ public void setAuthDomain(String authDomain) {
+ this.authDomain = authDomain;
+ }
+
+ public String getDatabaseURL() {
+ return databaseURL;
+ }
+
+ public void setDatabaseURL(String databaseURL) {
+ this.databaseURL = databaseURL;
+ }
+
+ public String getProjectId() {
+ return projectId;
+ }
+
+ public void setProjectId(String projectId) {
+ this.projectId = projectId;
+ }
+
+ public String getStorageBucket() {
+ return storageBucket;
+ }
+
+ public void setStorageBucket(String storageBucket) {
+ this.storageBucket = storageBucket;
+ }
+
+ public String getMessagingSenderId() {
+ return messagingSenderId;
+ }
+
+ public void setMessagingSenderId(String messagingSenderId) {
+ this.messagingSenderId = messagingSenderId;
+ }
+
+ public String getAppId() {
+ return appId;
+ }
+
+ public void setAppId(String appId) {
+ this.appId = appId;
+ }
+
+ public String getNotificationUrl() {
+ return notificationUrl;
+ }
+
+ public void setNotificationUrl(String notificationUrl) {
+ this.notificationUrl = notificationUrl;
+ }
+
+ public String getNotificationKey() {
+ return notificationKey;
+ }
+
+ public void setNotificationKey(String notificationKey) {
+ this.notificationKey = notificationKey;
+ }
+
+ public String getPublicVapidKey() {
+ return publicVapidKey;
+ }
+
+ public void setPublicVapidKey(String publicVapidKey) {
+ this.publicVapidKey = publicVapidKey;
+ }
+
+ public int getCibaGrantLifeExtraTimeSec() {
+ return cibaGrantLifeExtraTimeSec;
+ }
+
+ public void setCibaGrantLifeExtraTimeSec(int cibaGrantLifeExtraTimeSec) {
+ this.cibaGrantLifeExtraTimeSec = cibaGrantLifeExtraTimeSec;
+ }
+
+ public int getCibaMaxExpirationTimeAllowedSec() {
+ return cibaMaxExpirationTimeAllowedSec;
+ }
+
+ public void setCibaMaxExpirationTimeAllowedSec(int cibaMaxExpirationTimeAllowedSec) {
+ this.cibaMaxExpirationTimeAllowedSec = cibaMaxExpirationTimeAllowedSec;
+ }
+
+}
diff --git a/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/CIBAConfigurationResource.java b/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/CIBAConfigurationResource.java
new file mode 100644
index 00000000000..52844318e7a
--- /dev/null
+++ b/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/CIBAConfigurationResource.java
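Review bot: The two int fields `cibaGrantLifeExtraTimeSec` and `cibaMaxExpirationTimeAllowedSec` carry no constraint, so a PUT with a negative value, or an omitted one that defaults to 0, passes `@Valid` and is written into the oxAuth configuration. A lower bound such as `@Min(0)` on both (or `@Positive`, if zero is not a meaningful lifetime) would reject that at the API boundary. On the String fields `@Size(min=1)` is redundant next to `@NotBlank`. Since `apiKey` and `notificationKey` hold credentials, a short class comment saying so, and that the class must not gain a `toString()` printing them, would help the next maintainer.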
@@ -0,0 +1,110 @@ +package org.gluu.oxauthconfigapi.rest.ressource; + +import javax.inject.Inject; +import javax.validation.Valid; +import javax.ws.rs.GET; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.Consumes; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import org.slf4j.Logger; + +import com.couchbase.client.core.message.ResponseStatus; + +import org.eclipse.microprofile.openapi.annotations.Operation; +import org.eclipse.microprofile.openapi.annotations.media.Content; +import org.eclipse.microprofile.openapi.annotations.media.Schema; +import org.eclipse.microprofile.openapi.annotations.responses.APIResponse; +import org.eclipse.microprofile.openapi.annotations.responses.APIResponses; + +import org.gluu.oxauth.model.configuration.AppConfiguration; +import org.gluu.oxtrust.service.JsonConfigurationService; +import org.gluu.oxauthconfigapi.filters.ProtectedApi; +import org.gluu.oxauthconfigapi.rest.model.ApiError; +import org.gluu.oxauthconfigapi.rest.model.CIBAConfiguration; +import org.gluu.oxauthconfigapi.util.ApiConstants; + +@Path(ApiConstants.BASE_API_URL + ApiConstants.CIBA) +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +public class CIBAConfigurationResource extends BaseResource { + + @Inject + Logger log; + + @Inject + JsonConfigurationService jsonConfigurationService; + + + @GET + @Operation(summary = "Gets oxAuth CIBA configuration properties.") + @APIResponses( value = { + @APIResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = CIBAConfiguration.class, required = true, description = "Success"))), + @APIResponse(responseCode = "500", content = @Content(schema = @Schema(implementation = ApiError.class)), description = "Server error") }) + @ProtectedApi(scopes = { READ_ACCESS }) + public Response getCIBAConfiguration() { + + log.debug("CIBAConfigurationResource::getCIBAConfiguration() - Gets oxAuth CIBA 
configuration properties."); + try { + AppConfiguration appConfiguration = this.jsonConfigurationService.getOxauthAppConfiguration(); + CIBAConfiguration cibaConfiguration = new CIBAConfiguration(); + cibaConfiguration.setApiKey(appConfiguration.getCibaEndUserNotificationConfig().getApiKey()); + cibaConfiguration.setAuthDomain(appConfiguration.getCibaEndUserNotificationConfig().getAuthDomain()); + cibaConfiguration.setDatabaseURL(appConfiguration.getCibaEndUserNotificationConfig().getDatabaseURL()); + cibaConfiguration.setProjectId(appConfiguration.getCibaEndUserNotificationConfig().getProjectId()); + cibaConfiguration.setStorageBucket(appConfiguration.getCibaEndUserNotificationConfig().getStorageBucket()); + cibaConfiguration.setMessagingSenderId(appConfiguration.getCibaEndUserNotificationConfig().getMessagingSenderId()); + cibaConfiguration.setAppId(appConfiguration.getCibaEndUserNotificationConfig().getAppId()); + cibaConfiguration.setNotificationUrl(appConfiguration.getCibaEndUserNotificationConfig().getNotificationUrl()); + cibaConfiguration.setNotificationKey(appConfiguration.getCibaEndUserNotificationConfig().getNotificationKey()); + cibaConfiguration.setPublicVapidKey(appConfiguration.getCibaEndUserNotificationConfig().getPublicVapidKey()); + cibaConfiguration.setCibaGrantLifeExtraTimeSec(appConfiguration.getCibaGrantLifeExtraTimeSec()); + cibaConfiguration.setCibaMaxExpirationTimeAllowedSec(appConfiguration.getCibaMaxExpirationTimeAllowedSec()); + + return Response.ok(cibaConfiguration).build(); + + }catch(Exception ex) { + log.error("Failed to retrieve oxAuth CIBA configuration", ex); + return getInternalServerError(ex); + } + } + + + @PUT + @Operation(summary = "Updates oxAuth CIBA configuration properties.") + @APIResponses(value = { + @APIResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = Response.class, required = true, description = "Success"))), + @APIResponse(responseCode = "401", content = @Content(schema = 
@Schema(implementation = ApiError.class, required = false)) , description = "Unauthorized"), + @APIResponse(responseCode = "500", content = @Content(schema = @Schema(implementation = ApiError.class)), description = "Server error") }) + @ProtectedApi(scopes = { WRITE_ACCESS }) + public Response updateCIBAConfiguration(@Valid CIBAConfiguration cibaConfiguration) { + log.debug("CIBAConfigurationResource::updateCIBAConfiguration() - Updates oxAuth CIBA configuration properties."); + try { + AppConfiguration appConfiguration = this.jsonConfigurationService.getOxauthAppConfiguration(); + + appConfiguration.getCibaEndUserNotificationConfig().setApiKey(cibaConfiguration.getApiKey()); + appConfiguration.getCibaEndUserNotificationConfig().setAuthDomain(cibaConfiguration.getAuthDomain()); + appConfiguration.getCibaEndUserNotificationConfig().setDatabaseURL(cibaConfiguration.getDatabaseURL()); + appConfiguration.getCibaEndUserNotificationConfig().setProjectId(cibaConfiguration.getProjectId()); + appConfiguration.getCibaEndUserNotificationConfig().setStorageBucket(cibaConfiguration.getStorageBucket()); + appConfiguration.getCibaEndUserNotificationConfig().setMessagingSenderId(cibaConfiguration.getMessagingSenderId()); + appConfiguration.getCibaEndUserNotificationConfig().setAppId(cibaConfiguration.getAppId()); + appConfiguration.getCibaEndUserNotificationConfig().setNotificationUrl(cibaConfiguration.getNotificationUrl()); + appConfiguration.getCibaEndUserNotificationConfig().setNotificationKey(cibaConfiguration.getNotificationKey()); + appConfiguration.getCibaEndUserNotificationConfig().setPublicVapidKey(cibaConfiguration.getPublicVapidKey()); + appConfiguration.setCibaGrantLifeExtraTimeSec(cibaConfiguration.getCibaGrantLifeExtraTimeSec()); + appConfiguration.setCibaMaxExpirationTimeAllowedSec(cibaConfiguration.getCibaMaxExpirationTimeAllowedSec()); + + this.jsonConfigurationService.saveOxAuthAppConfiguration(appConfiguration); + + return 
Response.ok(ResponseStatus.SUCCESS).build(); + + }catch(Exception ex) { + log.error("Failed to update oxAuth CIBA configuration", ex); + return getInternalServerError(ex); + } + } +} diff --git a/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/Fido2Resource.java b/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/Fido2Resource.java index dcd43fe6076..8894c35795c 100644 --- a/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/Fido2Resource.java +++ b/src/main/java/org/gluu/oxauthconfigapi/rest/ressource/Fido2Resource.java 
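Review bot: `getCIBAConfiguration()` copies `apiKey` and `notificationKey` into the response body, so every caller holding only READ_ACCESS receives the push-notification credentials in clear text. Consider masking those two fields on GET and treating a masked or absent value on PUT as "keep the stored one"; whether that fits the consuming admin UI is not visible from this hunk. Both methods also call `appConfiguration.getCibaEndUserNotificationConfig()` a dozen times without a null check, so a deployment without that section would presumably end in the generic catch and a 500; reading it once into a local and returning an explicit error when it is null would be clearer. The PUT answers with `com.couchbase.client.core.message.ResponseStatus.SUCCESS`, which ties a REST resource to a Couchbase client enum just to build a response body.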
@@ -52,24 +52,29 @@ public class Fido2Resource extends BaseResource { @APIResponse(responseCode = "500", content = @Content(schema = @Schema(implementation = ApiError.class)), description = "Server error") }) @ProtectedApi(scopes = { READ_ACCESS }) public Response getFido2Configuration() { - log.debug("Fido2Resource::getFido2Configuration() - Retrieve oxAuth Fido2 configuration."); + log.info("Fido2Resource::getFido2Configuration() - Retrieve oxAuth Fido2 configuration."); Fido2Configuration fido2Configuration = new Fido2Configuration(); - JsonElement entry= null; String fido2ConfigJson = null; try { DbApplicationConfiguration dbApplicationConfiguration = this.jsonConfigurationService.loadFido2Configuration(); if (dbApplicationConfiguration != null) { + fido2ConfigJson = dbApplicationConfiguration.getDynamicConf(); - - Gson gson = new GsonBuilder().create(); - JsonElement json = gson.fromJson(fido2ConfigJson, JsonElement.class); - JsonObject job = gson.fromJson(fido2ConfigJson, JsonObject.class); - //entry = job.getAsJsonObject("fido2Configuration"); - fido2Configuration = gson.fromJson(entry,Fido2Configuration.class); - + + Gson gson = new Gson(); + JsonElement jsonElement = gson.fromJson(fido2ConfigJson, JsonElement.class); + JsonObject jsonObject = jsonElement.getAsJsonObject(); + JsonElement fido2ConfigurationElement = jsonObject.get("fido2Configuration"); + fido2Configuration = gson.fromJson(fido2ConfigurationElement,Fido2Configuration.class); + + log.debug("\n\n\n\n Fido2Resource::getFido2Configuration() - jsonElement = "+jsonElement); + log.debug(" jsonObject = "+jsonObject); + log.debug(" fido2ConfigurationElement = "+fido2ConfigurationElement); + log.debug(" fido2Configuration = "+fido2Configuration); + log.debug("\n\n\n\n"); } - return Response.ok(fido2ConfigJson).build(); + return Response.ok(fido2Configuration).build(); } catch (Exception ex) { log.error("Failed to fetch oxAuth Fido2 configuration", ex); 
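Review bot: The five added `log.debug` calls in `getFido2Configuration()` write the whole dynamic configuration (`jsonElement`, `jsonObject`) into the log with `"\n\n\n\n"` padding and string concatenation; this reads like leftover debugging and should shrink to one parameterized line such as `log.debug("Fido2 configuration loaded: {}", fido2Configuration);` or be dropped. `gson.fromJson(fido2ConfigJson, JsonElement.class)` returns null for a null or empty string, so `jsonElement.getAsJsonObject()` can throw when `getDynamicConf()` is empty; a guard like `if (jsonElement != null && jsonElement.isJsonObject())` would avoid the resulting 500. The opening log line was also raised from debug to info, which will emit one info record per read of this endpoint. The method's catch block continues outside the hunk.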
@@ -80,18 +85,40 @@ public Response getFido2Configuration() { @PUT @Operation(summary = "Updates Fido2 configuration properties.") @APIResponses(value = { - @APIResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = Response.class, required = true, description = "Success"))), + @APIResponse(responseCode = "200", content = @Content(schema = @Schema(implementation = Fido2Configuration.class, required = true, description = "Success"))), @APIResponse(responseCode = "401", content = @Content(schema = @Schema(implementation = ApiError.class, required = false)) , description = "Unauthorized"), @APIResponse(responseCode = "500", content = @Content(schema = @Schema(implementation = ApiError.class)), description = "Server error") }) @ProtectedApi(scopes = { WRITE_ACCESS }) public Response updateFido2Configuration(@Valid Fido2Configuration fido2Configuration) { - log.debug("Fido2Resource::updateFido2Configuration() - Updates Fido2 configuration properties."); + log.info("Fido2Resource::updateFido2Configuration() - Updates Fido2 configuration properties. 
- fido2Configuration = "+fido2Configuration); try { DbApplicationConfiguration dbApplicationConfiguration = this.jsonConfigurationService.loadFido2Configuration(); - Gson gson = new Gson(); - String fido2ConfigJson = gson.toJson(fido2Configuration); - this.jsonConfigurationService.saveFido2Configuration(fido2ConfigJson); - return Response.ok(ResponseStatus.SUCCESS).build(); + if (dbApplicationConfiguration != null) { + + String fido2ConfigJson = dbApplicationConfiguration.getDynamicConf(); + + Gson gson = new Gson(); + JsonElement jsonElement = gson.fromJson(fido2ConfigJson, JsonElement.class); + JsonObject jsonObject = jsonElement.getAsJsonObject(); + log.debug("Fido2Resource::updateFido2Configuration() - jsonElement = "+jsonElement); + log.debug(" jsonObject_1= "+jsonObject); + + JsonElement fido2ConfigurationElement = jsonObject.get("fido2Configuration"); + JsonElement updatedElement = gson.toJsonTree(fido2Configuration); + //jsonObject.remove("fido2Configuration"); + jsonObject.add("fido2Configuration", updatedElement); + + + log.debug(" jsonObject_2 = "+jsonObject); + log.debug(" fido2ConfigurationElement = "+fido2ConfigurationElement); + log.debug(" fido2Configuration = "+fido2Configuration); + log.debug(" updatedElement = "+updatedElement); + log.debug("\n\n\n\n"); + + this.jsonConfigurationService.saveFido2Configuration(jsonObject.toString()); + + } + return Response.ok(fido2Configuration).build(); } catch (Exception ex) { log.error("Failed to update oxAuth Fido2 configuration", ex); return getInternalServerError(ex); diff --git a/src/main/java/org/gluu/oxauthconfigapi/util/ApiConstants.java b/src/main/java/org/gluu/oxauthconfigapi/util/ApiConstants.java index 445e7e61d47..ec460095a08 100644 --- a/src/main/java/org/gluu/oxauthconfigapi/util/ApiConstants.java +++ b/src/main/java/org/gluu/oxauthconfigapi/util/ApiConstants.java 
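Review bot: When `loadFido2Configuration()` returns null, `updateFido2Configuration()` skips the save and still answers `Response.ok(fido2Configuration)`, so the caller is told the update succeeded although nothing was stored. Add an `else` branch that reports the failure, for example `return Response.status(Response.Status.NOT_FOUND).build();`. The new `log.info` line and the debug lines concatenate the request body and the full stored configuration into the log; `fido2ConfigurationElement` is read only for that logging, and the commented-out `jsonObject.remove("fido2Configuration")` can be deleted. The end of the method lies outside the hunk.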
@@ -24,6 +24,7 @@ private ApiConstants() {
 public static final String SECTORS = "/sectoridentifiers";
 public static final String PAIRWISE = "/pairwise";
 public static final String FIDO2 = "/fido2";
+ public static final String CIBA = "/ciba";
 public static final String RESOURCES = "/resources";
 public static final String ATTRIBUTES = "/attributes";
 public static final String SCRIPTS = "/scripts";
diff --git a/src/test/resources/feature/ciba/ciba.feature b/src/test/resources/feature/ciba/ciba.feature
new file mode 100644
index 00000000000..c93553bcc31
--- /dev/null
+++ b/src/test/resources/feature/ciba/ciba.feature
@@ -0,0 +1,219 @@ +Feature: Verify CIBA configuration endpoint + + Background: + * def mainUrl = cibaUrl + + @ciba-put-json + Scenario: Update CIBA configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request read('ciba.json') + When method PUT + Then status 200 + And print response + And assert response.length != null + + @ciba-get + Scenario: Retrieve CIBA configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + + + @ciba-put + Scenario: Update CIBA configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + #Then set result.cibaMaxExpirationTimeAllowedSec = 1000 + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 200 + And print response + + + @ciba-error + Scenario: apiKey configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.apiKey = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + + @ciba-error + Scenario: authDomain configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.authDomain = '' + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + + @ciba-error + Scenario: databaseURL 
configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.databaseURL = '' + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + @ciba-error + Scenario: projectId configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.projectId = '' + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + @ciba-error + Scenario: storageBucket configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.storageBucket = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + @ciba-error + Scenario: messagingSenderId configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.messagingSenderId = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + @ciba-error + Scenario: appId configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + 
And print response + And assert response.length != null + Then def result = response + Then set result.appId = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + + @ciba-error + Scenario: notificationUrl configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.notificationUrl = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + + @ciba-error + Scenario: notificationKey configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.notificationKey = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + + @ciba-error + Scenario: publicVapidKey configuration cannot be null or empty + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + And assert response.length != null + Then def result = response + Then set result.publicVapidKey = null + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request result + When method PUT + Then status 400 + And print response + + \ No newline at end of file diff --git a/src/test/resources/feature/ciba/ciba.json b/src/test/resources/feature/ciba/ciba.json new file mode 100644 index 00000000000..a2cb6db256c --- /dev/null +++ b/src/test/resources/feature/ciba/ciba.json 
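Review bot: None of the scenarios checks the stored values: `@ciba-put` has its `set result.cibaMaxExpirationTimeAllowedSec = 1000` step commented out, so it sends back exactly what it read and only asserts status 200. Re-enable the `set`, follow the PUT with a GET and match the changed field, e.g. `And match response.cibaMaxExpirationTimeAllowedSec == 1000`. Every scenario also runs `And print response`, which puts `apiKey` and `notificationKey` into the test output; drop the print or restrict it to non-secret fields.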
@@ -0,0 +1,14 @@ +{ + "apiKey": "AIzaSyDwJtxZV-ApPlApt7HdXkleEZhseURgzHI", + "authDomain": "api-project-561176510817.firebaseapp.com", + "databaseURL": "https://api-project-561176510817.firebaseio.com", + "projectId": "api-project-561176510817", + "storageBucket": "api-project-561176510817.appspot.com", + "messagingSenderId": "561176510817", + "appId": "1:561176510817:web:8e327e72cd49e8d5", + "notificationUrl": "https://fcm.googleapis.com/fcm/send", + "notificationKey": "csyBj39m4uPHbs2oHeTw40KfgCiUbgxBKPPz6ZXgkpF4EMQvMOAHAoM7up1UlfHk9GD5QnqdMktzjpmEuKd5xlD2kRDhwMIJ8JYbTA5+Cv39CxuWOiFuuMPJZqg+VqT4X7Ne9sXvm3UtMe8PxmRAoXlSZ1kElT/AuQvC2+YyiqlmLpXoCU01waEtIajltap5TrFuXvAvkmYJjvCkFIdWsg==", + "publicVapidKey": "BOH-FKi3U-7cr5Wv3WeS8RJXXaGpf1R7tlgKSOvYCbFrJRaJER4kI_0xCN", + "cibaMaxExpirationTimeAllowedSec": 1800, + "cibaGrantLifeExtraTimeSec": 180, +} \ No newline at end of file diff --git a/src/test/resources/feature/fido2/dynamiconf.json b/src/test/resources/feature/fido2/dynamiconf.json new file mode 100644 index 00000000000..c9bfbc3c25d --- /dev/null +++ b/src/test/resources/feature/fido2/dynamiconf.json 
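Review bot: The fixture commits values for `apiKey`, `notificationKey` and `publicVapidKey` that have the shape of real Firebase project credentials rather than placeholders. If they belong to a live project they should be rotated, and the file should carry clearly fake values (for example `"apiKey": "test-api-key"`), with real ones supplied from local test properties when an integration run needs them. The object also ends with a trailing comma after `"cibaGrantLifeExtraTimeSec": 180`, which strict JSON parsers reject.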
@@ -0,0 +1,27 @@
+{
+"issuer":"https://pujavs3.infinity.com",
+"baseEndpoint":"https://pujavs3.infinity.com/fido2/restv1",
+"cleanServiceInterval":60,
+"cleanServiceBatchChunkSize":10000,
+"useLocalCache":true,
+"disableJdkLogger":true,
+"loggingLevel":"INFO",
+"loggingLayout":"text",
+"externalLoggerConfiguration":"",
+"metricReporterInterval":300,
+"metricReporterKeepDataDays":15,
+"metricReporterEnabled":true,
+"personCustomObjectClassList":["gluuCustomPerson","gluuPerson"],
+"fido2Configuration":{
+ "authenticatorCertsFolder":"/etc/gluu/conf/fido2/authenticator_cert",
+ "mdsCertsFolder":"/etc/gluu/conf/fido2/mds/cert",
+ "mdsTocsFolder":"/etc/gluu/conf/fido2/mds/toc",
+ "serverMetadataFolder":"/etc/gluu/conf/fido2/server_metadata",
+ "requestedCredentialTypes":["RS256","ES256"],
+ "requestedParties":[{"name":"https://pujavs3.infinity.com",
+ "domains":["pujavs3.infinity.com"]}],
+ "userAutoEnrollment":false,
+ "unfinishedRequestExpiration":180,
+ "authenticationHistoryExpiration":1296000}
+
+}
diff --git a/src/test/resources/feature/fido2/fido2.feature b/src/test/resources/feature/fido2/fido2.feature
index cc5427aa96b..8c49fc71754 100644
--- a/src/test/resources/feature/fido2/fido2.feature
+++ b/src/test/resources/feature/fido2/fido2.feature
@@ -2,18 +2,29 @@ Feature: Verify Fido2 configuration endpoint Background: * def mainUrl = fido2Url + + @ignore + @dynamiconf-put-json + Scenario: Update Fido2 configuration + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And request read('dynamiconf.json') + When method PUT + Then status 200 + And print response + And assert response.length != null @fido-get - Scenario: Retrieve ResponseMode configuration + Scenario: Retrieve Fido2 configuration Given url mainUrl And header Authorization = 'Bearer ' + accessToken When method GET Then status 200 And print response And assert response.length != null - + @fido-put - Scenario: Update ResponseMode configuration + Scenario: Update Fido2 configuration Given url mainUrl And header Authorization = 'Bearer ' + accessToken When method GET @@ -21,7 +32,7 @@ Feature: Verify Fido2 configuration endpoint And print response And assert response.length != null Then def result = response - Then set result.unfinishedRequestExpiration = 800 + Then set result.authenticationHistoryExpiration = 800 Given url mainUrl And header Authorization = 'Bearer ' + accessToken And request result @@ -29,6 +40,7 @@ Feature: Verify Fido2 configuration endpoint Then status 200 And print response + @fido-error Scenario: authenticatorCertsFolder configuration cannot be null or empty Given url mainUrl @@ -46,6 +58,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: mdsCertsFolder configuration cannot be null or empty Given url mainUrl @@ -63,6 +76,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: mdsTocsFolder configuration cannot be null or empty Given url mainUrl @@ -80,6 +94,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: serverMetadataFolder configuration cannot be null or empty Given url mainUrl 
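Review bot: The added `@dynamiconf-put-json` scenario sends `dynamiconf.json`, whose top level is the whole dynamic configuration with `fido2Configuration` nested inside, while the PUT endpoint in this commit binds the body to `@Valid Fido2Configuration`. With the validation the `@fido-error` scenarios rely on, that request would presumably be answered with 400 rather than the asserted 200, which may be why the scenario is tagged `@ignore`. Either send only the nested object or remove the scenario together with the fixture, which also carries a developer host name.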
@@ -97,6 +112,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: requestedCredentialTypes configuration cannot be null or empty Given url mainUrl @@ -114,6 +130,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: requestedParties configuration cannot be null or empty Given url mainUrl @@ -131,6 +148,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: unfinishedRequestExpiration configuration cannot be less than 0 (zero) Given url mainUrl @@ -148,6 +166,7 @@ Feature: Verify Fido2 configuration endpoint Then status 400 And print response + @fido-error Scenario: authenticationHistoryExpiration configuration cannot be less than 0 (zero) Given url mainUrl diff --git a/src/test/resources/karate-config.js b/src/test/resources/karate-config.js index a9512b52512..e9c2050b5fa 100644 --- a/src/test/resources/karate-config.js +++ b/src/test/resources/karate-config.js @@ -68,6 +68,9 @@ function() { // fido2 configuration endpoint fido2Url: baseUrl + ':' + port + '/api/v1/oxauth/fido2', + // CIBA configuration endpoint + cibaUrl: baseUrl + ':' + port + '/api/v1/oxauth/ciba', + // OpenIdConnect Clients Endpoint openidclients_url: baseUrl + ':' + port + '/api/v1/oxauth/clients', diff --git a/src/test/resources/karate-config.js.bak b/src/test/resources/karate-config.js.bak new file mode 100644 index 00000000000..f041d21c48f --- /dev/null +++ b/src/test/resources/karate-config.js.bak 
@@ -0,0 +1,105 @@ +function() { + + var stream = read('classpath:karate.properties'); + var props = new java.util.Properties(); + props.load(stream); + //karate.log('properties= ', props); + + var env = props.get('karate.env'); // get java system property 'karate.env' + var username = props.get('karate.user'); + var password = props.get('karate.pass'); + //karate.log('karate.env selected environment is:', env); + //karate.log('karate user:pwd =', username+':'+password); + karate.configure("ssl", true); + + if (!env) { + env = 'dev'; //env can be anything: dev, qa, staging, etc. + } + + var baseUrl = props.get('karate.test.url'); + var port = props.get('karate.test.port'); + //karate.log('karate baseUrl:port =', baseUrl+':'+port); + var config = { + env: env, + + // default accessToken + + accessToken: 'c8dd2445-4734-4119-8dd1-4dbe91976202', + + // health endpoint + healthUrl: baseUrl + ':' + port + '/health', + + // backchannel endpoint + backchannelUrl: baseUrl + ':' + port + '/api/v1/oxauth/backchannel', + + // Metrics endpoint + metricsUrl: baseUrl + ':' + port + '/api/v1/oxauth/metrics', + + // DynamicRegistration endpoint + dynamicRegistrationUrl: baseUrl + ':' + port + '/api/v1/oxauth/dyn_registration', + + // ResponsesTypes endpoint + responsesTypesUrl: baseUrl + ':' + port + '/api/v1/oxauth/responses_types', + + // ResponseMode endpoint + responseModeUrl: baseUrl + ':' + port + '/api/v1/oxauth/responses_modes', + + // JanssenPKCS endpoint + janssenPKCSUrl: baseUrl + ':' + port + '/api/v1/oxauth/janssenpkcs', + + // UserInfo endpoint + userInfoUrl: baseUrl + ':' + port + '/api/v1/oxauth/user_info', + + // RequestObject endpoint + requestObjectUrl: baseUrl + ':' + port + '/api/v1/oxauth/request_object', + + // UmaConfiguration endpoint + umaConfigurationUrl: baseUrl + ':' + port + '/api/v1/oxauth/uma', + + // idToken endpoint + idTokenUrl: baseUrl + ':' + port + '/api/v1/oxauth/idtoken', + + // SessionId endpoint + sessionIdUrl: baseUrl + ':' + port + 
'/api/v1/oxauth/sessionid', + + // pairwise configuration endpoint + pairwiseUrl: baseUrl + ':' + port + '/api/v1/oxauth/pairwise', + + // fido2 configuration endpoint + fido2Url: baseUrl + ':' + port + '/api/v1/oxauth/fido2', + + // CIBA configuration endpoint + cibaUrl: baseUrl + ':' + port + '/api/v1/oxauth/ciba', + + // OpenIdConnect Clients Endpoint + openidclients_url: baseUrl + ':' + port + '/api/v1/oxauth/clients', + + // OpenIdConnect Scopes Endpoint + openidscopes_url: baseUrl + ':' + port + '/api/v1/oxauth/scopes', + + // OpenIdConnect Sectors Endpoint + openidsectors_url: baseUrl + ':' + port + '/api/v1/oxauth/openid/sectoridentifiers', + + // Uma scopes + umascopes_url: baseUrl + ':' + port + '/api/v1/oxauth/uma/scopes', + + // Uma resources + umaresources_url: baseUrl + ':' + port + '/api/v1/oxauth/uma/resources', + + // Uma resources + attributes_url: baseUrl + ':' + port + '/api/v1/oxauth/attributes', + + // Person Scripts + personscripts_url: baseUrl + ':' + port + '/api/v1/oxauth/scripts/person_authn', + + }; + + + + + karate.configure('connectTimeout', 30000); + karate.configure('readTimeout', 60000); + + + return config; +} \ No newline at end of file
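Review bot: `karate-config.js.bak` is a backup copy of `karate-config.js` and should not be part of the commit; it duplicates the endpoint list and will drift from the real file. It also hard-codes a default `accessToken` value, which should be revoked if it was ever valid against a real server and in any case belongs in `karate.properties` next to `karate.user` and `karate.pass`. Remove the file and add `*.bak` to `.gitignore`.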