;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU Affero General Public License for more details.
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
(define-module (tests resource-server)
#:use-module (webid-oidc provider-confirmation)
#:use-module (webid-oidc server endpoint)
#:use-module (webid-oidc server endpoint authentication)
#:use-module (webid-oidc jti)
#:use-module (webid-oidc jwk)
#:use-module (webid-oidc jws)
#:use-module (webid-oidc oidc-configuration)
#:use-module (webid-oidc access-token)
#:use-module (webid-oidc dpop-proof)
#:use-module (webid-oidc testing)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module (web uri)
#:use-module (web request)
#:use-module (srfi srfi-19)
#:use-module (web response)
#:use-module (ice-9 optargs)
#:use-module (ice-9 control)
#:use-module (ice-9 receive)
#:use-module (oop goops)
#:duplicates (merge-generics))
;; Test backend sitting behind the authenticator.  It serves nothing;
;; its only job is to report which user the authenticator attached to
;; the request before dispatching to it.
(define-class <backend> (<endpoint>))

;; Escape hatch for the backend.  The test rebinds this parameter to an
;; escape continuation so that the user handed to the backend becomes
;; the value of the whole `handle' call on the authenticator.  The
;; default, `values', simply passes the user through.
(define return (make-parameter values))

;; Handle a request that already went through the authenticator.  The
;; authenticated user is expected under the 'user key of the request
;; meta; that value (a WebID URI in this test) is handed to `return'.
(define-method (handle (backend <backend>) request request-body)
  (let ((authenticated-user (assq-ref (request-meta request) 'user)))
    ((return) authenticated-user)))
;; End-to-end check of the resource server's DPoP-bound access-token
;; authentication, accepting path only: a client presents an access
;; token issued by a (fake) identity provider together with a DPoP proof
;; signed with the key the token was issued for, and the authenticator
;; is expected to hand the token's WebID to the backend.
;;
;; All clocks go through p:current-date: the token is issued at 10, the
;; proof at 15 and the request is verified at 20.  Whether those offsets
;; fall inside the token and proof lifetimes is decided by the `issue'
;; and authenticator defaults, which are not visible in this file.
;;
;; TODO(review): only the accepting path is exercised here.  A proof
;; signed by a key other than the one the token was issued for, a proof
;; whose htm/htu do not match the request, an expired token, or a
;; replayed proof are not covered by this test.
(with-test-environment
 "resource-server"
 (lambda ()
   ;; Two independent RSA key pairs: the client's (the token is issued
   ;; for it and the proof is signed with it) and the identity
   ;; provider's (signs the access token, published through the JWKS).
   ;; Generation order is kept as is: client first, then IdP.
   (define client-key (generate-key #:n-size 2048))
   (define idp-key (generate-key #:n-size 2048))
   (define jwks (make <jwks> #:keys (list idp-key)))
   (define jwks-uri (string->uri "https://identity.provider/keys"))
   (define oidc-config
     (make <oidc-configuration>
       #:jwks-uri jwks-uri
       #:authorization-endpoint "https://identity.provider/authorize"
       #:token-endpoint "https://identity.provider/token"
       #:solid-oidc-supported "https://solidproject.org/TR/solid-oidc"))
   (define oidc-config-uri
     (string->uri
      "https://identity.provider/.well-known/openid-configuration"))
   (define subject (string->uri "https://identity.provider/subject#me"))
   ;; Stand-in for the anonymous HTTP client.  Only the IdP discovery
   ;; document and its JWKS are served, both with a cache expiry one
   ;; hour after the epoch (comfortably after a current date of 20, if
   ;; p:current-date counts seconds since the epoch).  Any other fetch
   ;; aborts the test with status 1, so the test also pins down that
   ;; verification makes no other request through the anonymous client.
   (define* (fake-fetch uri #:key (headers '()))
     (define cache-expiry (time-utc->date (make-time time-utc 0 3600)))
     (define fixtures
       (list (cons oidc-config-uri oidc-config)
             (cons jwks-uri jwks)))
     (let ((hit (assoc uri fixtures)))
       (if hit
           (serve (cdr hit) cache-expiry)
           (exit 1))))
   ;; Access token signed by the IdP key, carrying the subject's WebID
   ;; and issued for the client key (presumably the cnf binding the
   ;; authenticator checks the proof against).
   (define access-token
     (parameterize ((p:current-date 10))
       (issue <access-token>
              idp-key
              #:webid subject
              #:iss (string->uri "https://identity.provider")
              #:client-key client-key
              #:client-id (string->uri "https://client"))))
   (define uri (string->uri "https://resource.server/resource"))
   (define server-uri (string->uri "https://resource.server/"))
   (define method 'GET)
   ;; DPoP proof signed with the client key.  It names the HTTP method,
   ;; the target URI and the access token, which is presumably what the
   ;; authenticator matches against the real request (htm / htu / ath).
   (define dpop-proof
     (parameterize ((p:current-date 15))
       (issue <dpop-proof>
              client-key
              #:jwk (public-key client-key)
              #:htm method
              #:htu uri
              #:access-token access-token)))
   ;; The request as the server would read it off the wire: the token
   ;; travels in the Authorization header with the DPoP scheme, the
   ;; proof in the DPoP header; the remaining headers are filler.
   (define incoming-request
     (call-with-input-string
      (format #f "GET /resource HTTP/1.1\r\n\
                  Host: resource.server\r\n\
                  User-Agent: Test Suite\r\n\
                  Upgrade-Insecure-Requests: 1\r\n\
                  Cache-Control: max-age=0\r\n\
                  Authorization: DPoP ~a\r\n\
                  DPoP: ~a\r\n\r\n"
              access-token
              dpop-proof)
      read-request))
   (define incoming-body "")
   (define authenticator
     (make <authenticator>
       #:backend (make <backend>)
       #:server-uri server-uri))
   ;; Run the authenticator with the fake HTTP client and the clock at
   ;; 20.  `return' is bound to the escape continuation, so whatever the
   ;; backend receives as the user becomes `parsed'.
   (define parsed
     (let/ec ret
       (parameterize ((p:current-date 20)
                      (p:anonymous-http-request fake-fetch)
                      (return ret))
         (handle authenticator incoming-request incoming-body))))
   ;; Exit 2: the backend did not receive a URI at all.
   ;; Exit 3: it received a URI, but not the WebID the token was issued for.
   (cond ((not (uri? parsed)) (exit 2))
         ((not (equal? parsed subject)) (exit 3)))))