#360 - Create stress/load test which should cover all APIs with mocke…

…d OP

oxd-server/src/main/java/org/gluu/oxd/server/op/CheckIdTokenOperation.java

@@ -38,7 +38,7 @@ public IOpResponse execute(CheckIdTokenParams params) {
             final Rp site = getRp();
             final String idToken = params.getIdToken();
             final Jwt jwt = Jwt.parse(idToken);
-            final Validator validator = new Validator(jwt, discoveryResponse, getKeyService());
+            final Validator validator = new Validator(jwt, discoveryResponse, getKeyService(), getOpClientFactory());
 
             final CheckIdTokenResponse opResponse = new CheckIdTokenResponse();
             opResponse.setActive(validator.isIdTokenValid(site.getClientId()));

oxd-server/src/main/java/org/gluu/oxd/server/op/GetTokensByCodeOperation.java

@@ -70,7 +70,7 @@ public IOpResponse execute(GetTokensByCodeParams params) throws Exception {
             }
 
             final Jwt idToken = Jwt.parse(response.getIdToken());
-            final Validator validator = getOpClientFactory().createValidator(idToken, discoveryResponse, getKeyService());
+            final Validator validator = new Validator(idToken, discoveryResponse, getKeyService(), getOpClientFactory());
             validator.validateNonce(getStateService());
             validator.validateIdToken(site.getClientId());
             validator.validateAccessToken(response.getAccessToken());

oxd-server/src/main/java/org/gluu/oxd/server/op/OpClientFactory.java

@@ -2,6 +2,9 @@
 
 import org.gluu.oxauth.client.*;
 import org.gluu.oxauth.client.uma.UmaClientFactory;
+import org.gluu.oxauth.model.crypto.signature.RSAPublicKey;
+import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.gluu.oxauth.model.jws.RSASigner;
 import org.gluu.oxauth.model.jwt.Jwt;
 import org.gluu.oxd.rs.protect.resteasy.PatProvider;
 import org.gluu.oxd.rs.protect.resteasy.ResourceRegistrar;
@@ -27,7 +30,9 @@ public interface OpClientFactory {
 
     public ResourceRegistrar createResourceRegistrar(PatProvider patProvider, ServiceProvider serviceProvider);
 
-    public Validator createValidator(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService);
+    public JwkClient createJwkClient(String url);
+
+    public RSASigner createRSASigner(SignatureAlgorithm signatureAlgorithm, RSAPublicKey rsaPublicKey);
 
     public RptPreProcessInterceptor createRptPreProcessInterceptor(ResourceRegistrar resourceRegistrar);
 

oxd-server/src/main/java/org/gluu/oxd/server/op/OpClientFactoryImpl.java

@@ -2,6 +2,9 @@
 
 import org.gluu.oxauth.client.*;
 import org.gluu.oxauth.client.uma.UmaClientFactory;
+import org.gluu.oxauth.model.crypto.signature.RSAPublicKey;
+import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.gluu.oxauth.model.jws.RSASigner;
 import org.gluu.oxauth.model.jwt.Jwt;
 import org.gluu.oxd.rs.protect.resteasy.PatProvider;
 import org.gluu.oxd.rs.protect.resteasy.ResourceRegistrar;
@@ -53,8 +56,12 @@ public UmaClientFactory createUmaClientFactory() {
         return UmaClientFactory.instance();
     }
 
-    public Validator createValidator(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService) {
-        return new Validator(idToken, discoveryResponse, keyService);
+    public JwkClient createJwkClient(String url) {
+        return new JwkClient(url);
+    }
+
+    public RSASigner createRSASigner(SignatureAlgorithm signatureAlgorithm, RSAPublicKey rsaPublicKey) {
+        return new RSASigner(signatureAlgorithm, rsaPublicKey);
     }
 
     public RptPreProcessInterceptor createRptPreProcessInterceptor(ResourceRegistrar resourceRegistrar) {

oxd-server/src/main/java/org/gluu/oxd/server/op/ValidateOperation.java

@@ -37,7 +37,7 @@ public IOpResponse execute(ValidateParams params) throws Exception {
 
         final Jwt idToken = Jwt.parse(params.getIdToken());
 
-        final Validator validator = new Validator(idToken, discoveryResponse, getKeyService());
+        final Validator validator = new Validator(idToken, discoveryResponse, getKeyService(), getOpClientFactory());
         validator.validateNonce(getStateService());
         validator.validateIdToken(site.getClientId());
         validator.validateAccessToken(params.getAccessToken());

oxd-server/src/main/java/org/gluu/oxd/server/op/Validator.java

@@ -32,14 +32,16 @@ public class Validator {
     private final OpenIdConfigurationResponse discoveryResponse;
     private final PublicOpKeyService keyService;
     private RSASigner rsaSigner;
+    private static OpClientFactory opClientFactory;
 
-    public Validator(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService) {
+    public Validator(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService, OpClientFactory opClientFactory) {
         Preconditions.checkNotNull(idToken);
         Preconditions.checkNotNull(discoveryResponse);
 
         this.idToken = idToken;
         this.discoveryResponse = discoveryResponse;
         this.keyService = keyService;
+        this.opClientFactory = opClientFactory;
         this.rsaSigner = createRSASigner(idToken, discoveryResponse, keyService);
     }
 
@@ -72,7 +74,7 @@ public static RSASigner createRSASigner(Jwt jwt, OpenIdConfigurationResponse dis
         final SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm);
 
         final RSAPublicKey publicKey = keyService.getRSAPublicKey(jwkUrl, kid);
-        return new RSASigner(signatureAlgorithm, publicKey);
+        return opClientFactory.createRSASigner(signatureAlgorithm, publicKey);
     }
 
     public void validateNonce(StateService stateService) {

oxd-server/src/main/java/org/gluu/oxd/server/service/PublicOpKeyService.java

@@ -3,6 +3,7 @@
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;
 import com.google.inject.Inject;
+import org.gluu.oxd.server.op.OpClientFactory;
 import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -24,13 +25,15 @@ public class PublicOpKeyService {
 
     private final Cache<Pair<String, String>, RSAPublicKey> cache;
     private final HttpService httpService;
+    private OpClientFactory opClientFactory;
 
     @Inject
-    public PublicOpKeyService(ConfigurationService configurationService, HttpService httpService) {
+    public PublicOpKeyService(ConfigurationService configurationService, HttpService httpService, OpClientFactory opClientFactory) {
         this.cache = CacheBuilder.newBuilder()
                 .expireAfterWrite(configurationService.get().getPublicOpKeyCacheExpirationInMinutes(), TimeUnit.MINUTES)
                 .build();
         this.httpService = httpService;
+        this.opClientFactory = opClientFactory;
     }
 
 
@@ -46,7 +49,7 @@ public RSAPublicKey getRSAPublicKey(String jwkSetUri, String keyId) {
 
             RSAPublicKey publicKey = null;
 
-            JwkClient jwkClient = new JwkClient(jwkSetUri);
+            JwkClient jwkClient = opClientFactory.createJwkClient(jwkSetUri);
             jwkClient.setExecutor(new ApacheHttpClient4Executor(httpService.getHttpClient()));
             JwkResponse jwkResponse = jwkClient.exec();
             if (jwkResponse != null && jwkResponse.getStatus() == 200) {

oxd-server/src/test/java/org/gluu/oxd/mock/AuthorizationCodeFlowTest.java

@@ -58,6 +58,7 @@ public static RegisterSiteResponse registerSite(ClientInterface client, String o
         params.setClientFrontchannelLogoutUris(Lists.newArrayList(logoutUri));
         params.setRedirectUris(Lists.newArrayList(redirectUrls.split(" ")));
         params.setScope(Lists.newArrayList("openid", "uma_protection", "profile"));
+        params.setIdTokenSignedResponseAlg("HS256");
         params.setTrustedClient(true);
         params.setGrantTypes(Lists.newArrayList(
                 GrantType.AUTHORIZATION_CODE.getValue(),
@@ -72,7 +73,7 @@ public static RegisterSiteResponse registerSite(ClientInterface client, String o
     private GetTokensByCodeResponse2 requestTokens(ClientInterface client, RegisterSiteResponse site, String userId, String userSecret) {
 
         final String state = CoreUtils.secureRandomString();
-        final String nonce = "rrsenukn8h9hjmscjf5gq9i5tu";
+        final String nonce = "7r46ut6emu9gi11gn8044um640";
 
         final GetTokensByCodeParams params = new GetTokensByCodeParams();
         params.setOxdId(site.getOxdId());

oxd-server/src/test/java/org/gluu/oxd/mock/service/OpClientFactoryMockImpl.java

@@ -1,14 +1,15 @@
 package org.gluu.oxd.mock.service;
 
 import org.apache.commons.lang.StringUtils;
-import org.assertj.core.util.Lists;
 import org.glassfish.jersey.message.internal.OutboundJaxrsResponse;
 import org.glassfish.jersey.message.internal.OutboundMessageContext;
 import org.gluu.oxauth.client.*;
 import org.gluu.oxauth.client.uma.UmaClientFactory;
 import org.gluu.oxauth.client.uma.UmaMetadataService;
 import org.gluu.oxauth.model.common.TokenType;
-import org.gluu.oxauth.model.jwt.Jwt;
+import org.gluu.oxauth.model.crypto.signature.RSAPublicKey;
+import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
+import org.gluu.oxauth.model.jws.RSASigner;
 import org.gluu.oxauth.model.uma.PermissionTicket;
 import org.gluu.oxauth.model.uma.UmaMetadata;
 import org.gluu.oxd.common.Jackson2;
@@ -20,8 +21,6 @@
 import org.gluu.oxd.server.introspection.ClientFactory;
 import org.gluu.oxd.server.introspection.CorrectRptIntrospectionService;
 import org.gluu.oxd.server.op.OpClientFactory;
-import org.gluu.oxd.server.op.Validator;
-import org.gluu.oxd.server.service.PublicOpKeyService;
 import org.jboss.resteasy.client.ClientExecutor;
 import org.jboss.resteasy.client.ClientRequest;
 import org.jboss.resteasy.client.ClientResponse;
@@ -34,6 +33,7 @@
 import static org.mockito.Mockito.when;
 
 public class OpClientFactoryMockImpl implements OpClientFactory {
+
     @Override
     public TokenClient createTokenClient(String url) {
         TokenClient client = mock(TokenClient.class);
@@ -44,7 +44,7 @@ public TokenClient createTokenClient(String url) {
         response.setExpiresIn(50000);
         response.setRefreshToken(null);
         response.setScope("openid");
-        response.setIdToken("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiaVFPZDJ2aEtWVWFzRVRCRDZEbjV0ZyIsImF1ZCI6IjIwNDE5ZDRkLTRhMGItNGIyOC05MjgwLTkzNmNlZDBkNjVmZSIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1Njc1MDY4MTUsImlzcyI6Imh0dHBzOi8vY2UtZGV2Ni5nbHV1Lm9yZyIsImV4cCI6MTU2NzUxMDQxOCwiaWF0IjoxNTY3NTA2ODE4LCJub25jZSI6IjVqOTlyMW9tb2Q1azQ3MTFmMnB1ZDMzZTBhIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.Wt_pUXW1BJyjcq2WJUMIYZwzEUeAmrDe8SaWM-RC7T86TmnQOnz0JMgEEN1J9ONsJNMdf8WJZDaqWXu2tVqHh1IrWmZ-U8_36HxcgPXy65yLho0hzCdjPp_KVTdttQhOmLvqn9x_NO8p06wBjm3d5T6xOgtxOjR0c4lqMOBDh3_jb9UH5ZLHRosx9pFCluylPjok8BREmOI_YnUJKHWz2Js9juWBnE94s50EOb7JuyVHvIDvVkrfh0YRZw61idaRQYzfEzwQQYJz6MF2xd4eHT3f-iB5ZBYdrtOPk0691ogLL3HbO_pCfjvsf4QVD0Q-4rlcSJ004ORyR77cgrBSAA");
+        response.setIdToken("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMnI1clZ2STdpMWxfcnNXZUV4bGRuUSIsImF1ZCI6IjZiNTc4YTliLTc1MTMtNDc3YS05YTdmLTEzNDNiNDg3Y2FmOCIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1NjgxODUzMjcsImlzcyI6Imh0dHBzOi8vZHVtbXktaXNzdWVyLm9yZyIsImV4cCI6MTk2ODE4ODkzMCwiaWF0IjoxNTY4MTg1MzMwLCJub25jZSI6IjdyNDZ1dDZlbXU5Z2kxMWduODA0NHVtNjQwIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.Pp_rWPjTs0JWpomQIfHRrzE47cJcOQMO6otYyocgWgOUbzE0ttoS8dYvthU1LtkDdA8sBSX5rhB1CGugeSqvKdij6vLeJmE-A4G0OwfwrE7ROHLsbPpuGULJuIEwXgAZXdtoBwsNmK01Nu6ATEMgREl8dYPCRQ9divjQGLKAGLA");
         response.setStatus(200);
 
         when(client.exec()).thenReturn(response);
@@ -64,13 +64,38 @@ public TokenClient createTokenClientWithUmaProtectionScope(String url) {
         response.setRefreshToken(null);
         response.setScope("uma_protection");
         response.setIdToken("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiaVFPZDJ2aEtWVWFzRVRCRDZEbjV0ZyIsImF1ZCI6IjIwNDE5ZDRkLTRhMGItNGIyOC05MjgwLTkzNmNlZDBkNjVmZSIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1Njc1MDY4MTUsImlzcyI6Imh0dHBzOi8vY2UtZGV2Ni5nbHV1Lm9yZyIsImV4cCI6MTU2NzUxMDQxOCwiaWF0IjoxNTY3NTA2ODE4LCJub25jZSI6IjVqOTlyMW9tb2Q1azQ3MTFmMnB1ZDMzZTBhIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.Wt_pUXW1BJyjcq2WJUMIYZwzEUeAmrDe8SaWM-RC7T86TmnQOnz0JMgEEN1J9ONsJNMdf8WJZDaqWXu2tVqHh1IrWmZ-U8_36HxcgPXy65yLho0hzCdjPp_KVTdttQhOmLvqn9x_NO8p06wBjm3d5T6xOgtxOjR0c4lqMOBDh3_jb9UH5ZLHRosx9pFCluylPjok8BREmOI_YnUJKHWz2Js9juWBnE94s50EOb7JuyVHvIDvVkrfh0YRZw61idaRQYzfEzwQQYJz6MF2xd4eHT3f-iB5ZBYdrtOPk0691ogLL3HbO_pCfjvsf4QVD0Q-4rlcSJ004ORyR77cgrBSAA");
+        //response.setIdToken("eyJraWQiOiJjZmFiMzRlYy0xNjhkLTQ4OTUtODRiOC0xZjAyNzgwNDkxYzciLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdF9oYXNoIjoiaVFPZDJ2aEtWVWFzRVRCRDZEbjV0ZyIsImF1ZCI6IjIwNDE5ZDRkLTRhMGItNGIyOC05MjgwLTkzNmNlZDBkNjVmZSIsInN1YiI6InMtX1ppclZ0N05PRGRuV0RBVUdyalQycVVad0s2Y1hUaGI5cVY5OXYtdGciLCJhdXRoX3RpbWUiOjE1Njc1MDY4MTUsImlzcyI6Imh0dHBzOi8vY2UtZGV2Ni5nbHV1Lm9yZyIsImV4cCI6MTk2NzUxMDQxOCwiaWF0IjoxNTY3NTA2ODE4LCJub25jZSI6IjVqOTlyMW9tb2Q1azQ3MTFmMnB1ZDMzZTBhIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.rxyKrMvfdScDkzyGQG9Mhc-qxjzOimqrsBTpKfTRpUM");
         response.setStatus(200);
 
         when(client.execClientCredentialsGrant(any(), any(), any())).thenReturn(response);
 
         return client;
     }
 
+    @Override
+    public JwkClient createJwkClient(String url) {
+        JwkClient client = mock(JwkClient.class);
+
+        JwkResponse jwkResponse = mock(JwkResponse.class);
+        when(jwkResponse.getStatus()).thenReturn(200);
+
+        RSAPublicKey rsaPublicKey = mock(RSAPublicKey.class);
+        when(jwkResponse.getPublicKey(any())).thenReturn(rsaPublicKey);
+
+        when(client.exec()).thenReturn(jwkResponse);
+
+        return client;
+    }
+
+    @Override
+    public RSASigner createRSASigner(SignatureAlgorithm signatureAlgorithm, RSAPublicKey rsaPublicKey) {
+        RSASigner client = mock(RSASigner.class);
+        when(client.validate(any())).thenReturn(true);
+        when(client.validateAccessToken(any(), any())).thenReturn(true);
+
+        return client;
+    }
+
     @Override
     public UserInfoClient createUserInfoClient(String url) {
         UserInfoClient client = mock(UserInfoClient.class);
@@ -88,7 +113,7 @@ public RegisterClient createRegisterClient(String url) {
 
         RegisterResponse response = new RegisterResponse();
 
-        response.setClientId("67c0f792-4f03-4146-b31b-575c8da21ca6");
+        response.setClientId("6b578a9b-7513-477a-9a7f-1343b487caf8");
         response.setClientSecret("DUMMY_CLIENT_SECRET_"+ System.currentTimeMillis());
         response.setRegistrationAccessToken("DUMMY_REGISTRATION_ACCESS_TOKEN");
         response.setRegistrationClientUri("https://www.dummy-op-server.xyz/oxauth/restv1/register?client_id=@!8DBF.24EB.FA0E.1BFF!0001!32B7.932A!0008!AB90.6BF3.8E32.7A13");
@@ -115,6 +140,7 @@ public OpenIdConfigurationClient createOpenIdConfigurationClient(String url) thr
         response.setEntity("DUMMY_ENTITY");
         response.setRegistrationEndpoint("DUMMY_REGISTRATION_ENDPOINT");
         response.setEndSessionEndpoint("DUMMY_ENDSESSION_ENDPOINT");
+        response.setIssuer("https://dummy-issuer.org");
         when(client.execOpenIdConfiguration()).thenReturn(response);
         return client;
     }
@@ -145,12 +171,6 @@ public ResourceRegistrar createResourceRegistrar(PatProvider patProvider, Servic
         return client;
     }
 
-    public Validator createValidator(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService) {
-        Validator client = mock(Validator.class);
-        //when(client.validateIdToken(any())).thenReturn(null);
-        return client;
-    }
-
     public RptPreProcessInterceptor createRptPreProcessInterceptor(ResourceRegistrar resourceRegistrar) {
         RptPreProcessInterceptor client = mock(RptPreProcessInterceptor.class);
 

oxd-server/src/test/resources/testng.xml

@@ -3,7 +3,7 @@
 <suite name="oxD Suite" parallel="false">
 
     <parameter name="host" value="http://localhost"/>
-    <parameter name="opHost" value="https://${test.server.name}"/>
+    <parameter name="opHost" value="https://ce-dev6.gluu.org"/>
     <parameter name="opDiscoveryPath" value=""/>
     <parameter name="redirectUrls" value="https://client.example.com/cb/home1 https://client.example.com/cb/home2"/>
     <parameter name="paramRedirectUrl" value="https://client.example.com/cb/home2"/>