;; webid-oidc, implementation of the Solid specification
;; Copyright (C) 2020, 2021  Vivien Kraus

;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU Affero General Public License for more details.

;; You should have received a copy of the GNU Affero General Public License
;; along with this program.  If not, see <https://www.gnu.org/licenses/>.

(use-modules (webid-oidc provider-confirmation)
             (webid-oidc jti)
             (webid-oidc jwk)
             (webid-oidc jws)
             (webid-oidc oidc-configuration)
             (webid-oidc access-token)
             (webid-oidc dpop-proof)
             (webid-oidc resource-server)
             (webid-oidc testing)
             ((webid-oidc parameters) #:prefix p:)
             (web uri)
             (web request)
             (srfi srfi-19)
             (web response)
             (ice-9 optargs)
             (ice-9 receive))

(with-test-environment
 "resource-server"
 (lambda ()
   ;; Accepting-path check for the resource-server authenticator: one GET
   ;; carrying a valid access token and a DPoP proof bound to that token,
   ;; method and URI must authenticate as the token's WebID subject.
   ;; Only this accepting path is exercised in this file; no rejection
   ;; case (expired token, proof for another method/URI, wrong key) is
   ;; covered here.
   ;;
   ;; Two RSA keys: the client's (signs the DPoP proof) and the identity
   ;; provider's (signs the access token).
   (define client-key (generate-key #:n-size 2048))
   (define idp-key (generate-key #:n-size 2048))
   ;; Identity-provider metadata that the authenticator fetches through
   ;; the http-get stub below.
   (define jwks (make-jwks (list idp-key)))
   (define jwks-uri (string->uri "https://identity.provider/keys"))
   (define oidc-config-uri
     (string->uri
      "https://identity.provider/.well-known/openid-configuration"))
   (define oidc-config
     (make-oidc-configuration
      jwks-uri
      (string->uri "https://identity.provider/authorize")
      (string->uri "https://identity.provider/token")))
   (define subject (string->uri "https://identity.provider/subject#me"))
   ;; Network stand-in.  The discovery document and the JWKS are served
   ;; from memory with an expiry of epoch + 3600 s, which lies after every
   ;; fake clock value used below (10, 15, 20).  Any other URI is an
   ;; unexpected fetch and aborts the test with status 1.  `headers' is
   ;; accepted (the authenticator presumably passes it) but unused here.
   (define* (http-get uri #:key (headers '()))
     (define expiry (time-utc->date (make-time time-utc 0 3600)))
     ;; Thunks keep each document built only when its URI is requested.
     (define responders
       (list (cons oidc-config-uri
                   (lambda () (serve-oidc-configuration expiry oidc-config)))
             (cons jwks-uri
                   (lambda () (serve-jwks expiry jwks)))))
     (let ((responder (assoc uri responders)))
       (if responder
           ((cdr responder))
           (exit 1))))
   ;; Token issued at fake time 10, valid for 3600 s, asserting `subject'
   ;; as WebID and bound to client-key via #:client-key.
   (define access-token
     (parameterize ((p:current-date 10))
       (issue-access-token
        idp-key
        #:alg 'RS256
        #:webid subject
        #:iss "https://identity.provider"
        #:validity 3600
        #:client-key client-key
        #:client-id "https://client")))
   ;; Resource and method under request; both go into the DPoP proof
   ;; (htm/htu) and agree with the request line and Host header below.
   (define resource-uri (string->uri "https://resource.server/resource"))
   (define method 'GET)
   (define server-uri (string->uri "https://resource.server/"))
   ;; Proof issued at fake time 15 by the client key, bound to the
   ;; access token.
   (define dpop-proof
     (parameterize ((p:current-date 15))
       (issue-dpop-proof
        client-key
        #:alg 'RS256
        #:htm method
        #:htu resource-uri
        #:access-token access-token)))
   ;; Raw HTTP/1.1 request text parsed by (web request).  The format
   ;; string is a single literal: each trailing backslash continues it on
   ;; the next line without inserting a newline.
   (define request
     (call-with-input-string
         (format #f "GET /resource HTTP/1.1\r\n\
Host: resource.server\r\n\
User-Agent: Test Suite\r\n\
Upgrade-Insecure-Requests: 1\r\n\
Cache-Control: max-age=0\r\n\
Authorization: DPoP ~a\r\n\
DPoP: ~a\r\n\r\n"
                 access-token
                 dpop-proof)
       read-request))
   (define request-body "")
   (define authenticator
     (make-authenticator
      #:server-uri server-uri
      #:http-get http-get))
   ;; Authenticate at fake time 20, i.e. after both the token (10) and
   ;; the proof (15) were issued.  Exit 2 if the result is not a URI,
   ;; exit 3 if it is a URI other than the expected subject.
   (define authenticated-webid
     (parameterize ((p:current-date 20))
       (authenticator request request-body)))
   (unless (uri? authenticated-webid)
     (exit 2))
   (unless (equal? authenticated-webid subject)
     (exit 3))))