(use-modules (webid-oidc token-endpoint)
(webid-oidc authorization-code)
(webid-oidc refresh-token)
(webid-oidc dpop-proof)
(webid-oidc jwk)
(webid-oidc jws)
(webid-oidc jti)
(webid-oidc testing)
((webid-oidc stubs) #:prefix stubs:)
(web uri)
(web request)
(web response)
(srfi srfi-19)
(web response)
(ice-9 optargs)
(ice-9 receive))
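(with-test-environment
 "token-endpoint-refresh"
 (lambda ()
   ;; Exercises the refresh_token grant of the token endpoint:
   ;;   1. a refresh token the endpoint never issued must be refused;
   ;;   2. a genuine, DPoP-bound refresh token presented with a proof
   ;;      from the key it is bound to must yield an access token whose
   ;;      cnf/jkt is that same key.
   ;; Every failed check exits with a distinct non-zero status so a
   ;; failing run can be traced to the exact assertion.
   (define alg 'RS256)
   (define key (generate-key #:n-size 2048))         ; issuer signing key
   (define client-key (generate-key #:n-size 2048))  ; client's DPoP key
   (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me"))
   (define client (string->uri "https://token-endpoint-issue.scm/client/card#app"))
   (define issuer (string->uri "https://issuer.token-endpoint-issue.scm"))
   (define validity 3600)
   (define jti-list (make-jti-list))
   ;; Refresh token bound (via its jkt thumbprint) to client-key.
   (define refresh-code
     (issue-refresh-token subject client (jkt client-key)))
   ;; Fake clock handed to the endpoint so its notion of "now" can be
   ;; kept in step with the iat of each DPoP proof.
   (define the-time 0)
   (define (current-time)
     (make-time time-utc 0 the-time))
   (define token-uri (string->uri "https://token-endpoint-issue.scm/token"))
   (define endpoint (make-token-endpoint
                     token-uri
                     issuer alg key validity jti-list
                     #:current-time current-time))
   ;; Mint a DPoP proof for the token endpoint with iat = AT seconds.
   ;; htu is the endpoint's configured https URI, not the localhost URI
   ;; the request object below is built with; the endpoint presumably
   ;; matches htu against its own URI (TODO confirm).
   (define (client-proof at)
     (issue-dpop-proof
      client-key
      #:alg alg
      #:htm 'POST
      #:htu token-uri
      #:iat (time-utc->date (make-time time-utc 0 at))))
   ;; POST BODY (form-encoded) to the endpoint with DPOP as the DPoP header.
   (define (token-request dpop body)
     (endpoint
      (build-request (string->uri "http://localhost:8080/token")
                     #:headers `((content-type application/x-www-form-urlencoded)
                                 (dpop . ,dpop))
                     #:method 'POST
                     #:port #t)
      body))
   ;; 1. Bogus refresh token. grant_type is supplied explicitly so that
   ;;    the expected 400 can only come from the unknown refresh_token
   ;;    and not from a missing/unsupported grant_type parameter.
   (receive (response response-body)
       (let ((dpop (client-proof 0)))
         (set! the-time 0)
         (token-request dpop "grant_type=refresh_token&refresh_token=fake"))
     (unless (eq? (response-code response) 400)
       (exit 3)))
   ;; 2. Genuine refresh token with a proof from the bound key.
   ;;    TODO(review): a companion case presenting refresh-code with a
   ;;    proof from a *different* key should be rejected; not covered here.
   (receive (response response-body)
       (let ((dpop (client-proof 10)))
         (set! the-time 10)
         (token-request dpop
                        (string-append "grant_type=refresh_token&refresh_token=" refresh-code)))
     (unless (eq? (response-code response) 200)
       (exit 4))
     (unless (eq? (car (response-content-type response)) 'application/json)
       (exit 5))
     (let* ((json (stubs:json-string->scm response-body))
            (access-token-enc (assq-ref json 'access_token))
            (refresh-token-enc (assq-ref json 'refresh_token)))
       (unless access-token-enc
         (exit 6))
       (unless refresh-token-enc
         (exit 7))
       ;; Verify the access token signature with the issuer key. The key
       ;; selector ignores the JOSE header, so any check that the header
       ;; alg is RS256 (and not e.g. "none") must live inside jws-decode.
       ;; Claims such as iss/sub/exp are not asserted by this test.
       (let ((access-token (jws-decode access-token-enc
                                       (lambda (h) key))))
         (unless access-token
           (exit 8))
         ;; The access token must carry the DPoP binding (cnf/jkt) of the
         ;; same client key the refresh token was bound to.
         (let* ((cnf (assq-ref access-token 'cnf))
                (cnf/jkt (and cnf (assq-ref cnf 'jkt))))
           (unless cnf
             (exit 9))
           (unless cnf/jkt
             (exit 10))
           (unless (string=? cnf/jkt (jkt client-key))
             (exit 11))))
       ;; The endpoint returns the same refresh token, i.e. no refresh
       ;; token rotation; replay of a leaked token is mitigated only by
       ;; the DPoP key binding.
       (unless (string=? refresh-token-enc refresh-code)
         (exit 12))))))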