-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDefaultAuthorizationServerMetadataResolverTest.kt
More file actions
87 lines (80 loc) · 3.74 KB
/
DefaultAuthorizationServerMetadataResolverTest.kt
File metadata and controls
87 lines (80 loc) · 3.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
/*
* Copyright (c) 2023-2026 European Commission
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package eu.europa.ec.eudi.openid4vci
import com.nimbusds.oauth2.sdk.`as`.AuthorizationServerMetadata
import io.ktor.client.plugins.*
import io.ktor.client.statement.*
import io.ktor.http.*
import kotlinx.coroutines.test.runTest
import java.net.URI
import kotlin.test.Test
import kotlin.test.assertEquals
import kotlin.test.assertFailsWith
import kotlin.test.assertIs
internal class DefaultAuthorizationServerMetadataResolverTest {
@Test
internal fun `resolution success fallback to compliant oauth2 well-known url`() = runTest {
val issuer = HttpsUrl("https://keycloak-eudi.netcompany-intrasoft.com/realms/pid-issuer-realm").getOrThrow()
val resolver = mockResolver(
RequestMocker(
match(
URI.create(
"https://keycloak-eudi.netcompany-intrasoft.com/.well-known/oauth-authorization-server/realms/pid-issuer-realm",
),
),
jsonResponse("eu/europa/ec/eudi/openid4vci/internal/oauth_authorization_server_metadata.json"),
),
)
val metadata = resolver.resolve(issuer).getOrThrow()
assertIs<AuthorizationServerMetadata>(metadata)
// equals not implemented by AuthorizationServerMetadata
assertEquals(oauthAuthorizationServerMetadata().toJSONObject(), metadata.toJSONObject())
}
@Test
internal fun `fails when issuer does not match`() = runTest {
val issuer = HttpsUrl("https://keycloak.netcompany.com/realms/pid-issuer-realm").getOrThrow()
val resolver = mockResolver(
RequestMocker(
match(
URI.create("https://keycloak.netcompany.com/.well-known/oauth-authorization-server/realms/pid-issuer-realm"),
),
jsonResponse("eu/europa/ec/eudi/openid4vci/internal/oauth_authorization_server_metadata.json"),
),
)
val ex = assertFailsWith<AuthorizationServerMetadataResolutionException> {
resolver.resolve(issuer).getOrThrow()
}
val cause = assertIs<IllegalArgumentException>(ex.cause)
assertEquals("issuer does not match the expected value", cause.message)
}
@Test
internal fun `fails when url does not return the metadata`() = runTest {
val issuer = HttpsUrl("https://keycloak.netcompany.com/realms/pid-issuer-realm").getOrThrow()
val resolver = AuthorizationServerMetadataResolver(mockedHttpClient(expectSuccessOnly = true))
val error = assertFailsWith<AuthorizationServerMetadataResolutionException> {
resolver.resolve(issuer).getOrThrow()
}
val cause = assertIs<ClientRequestException>(error.cause)
assertEquals(HttpStatusCode.NotFound, cause.response.status)
// Verify the URL that was tried is the common lookup for oauth2 authorization server metadata.
assertEquals(
"https://keycloak.netcompany.com/.well-known/oauth-authorization-server/realms/pid-issuer-realm",
cause.response.request.url.toString(),
)
}
}
private fun mockResolver(mocker: RequestMocker) =
AuthorizationServerMetadataResolver(mockedHttpClient(mocker))