diff --git a/src/test/java/org/jenkinsci/plugins/oic/OicServerManualConfigurationTest.java b/src/test/java/org/jenkinsci/plugins/oic/OicServerManualConfigurationTest.java
index 8f2309f3..be7654f9 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/OicServerManualConfigurationTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/OicServerManualConfigurationTest.java
@@ -1,20 +1,31 @@
 package org.jenkinsci.plugins.oic;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
 import hudson.Util;
+import hudson.model.Descriptor;
 import hudson.util.FormValidation;
 import java.io.IOException;
+import java.net.URISyntaxException;
+import jenkins.security.FIPS140;
 import org.hamcrest.Matcher;
 import org.jenkinsci.plugins.oic.OicServerManualConfiguration.DescriptorImpl;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.WithoutJenkins;
+import org.mockito.MockedStatic;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasProperty;
 import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
 import static org.jvnet.hudson.test.JenkinsMatchers.hasKind;
+import static org.mockito.Mockito.mockStatic;
 public class OicServerManualConfigurationTest {
@@ -91,6 +102,31 @@ public void doCheckEndSessionEndpoint() throws IOException {
 assertThat(descriptor.doCheckEndSessionUrl("http://localhost.jwks"), hasKind(FormValidation.Kind.OK));
 }
+ @Test
+ @WithoutJenkins
+ public void testProviderMetadataWithFips() throws Descriptor.FormException {
+ OicServerManualConfiguration config = new OicServerManualConfiguration("issuer", "t-url", "a-url");
+ try (MockedStatic fips140Mock = mockStatic(FIPS140.class)) {
+ JWSAlgorithm.Family ed = JWSAlgorithm.Family.ED;
+ JWSAlgorithm arbitraryEdAlgorithm = (JWSAlgorithm) ed.toArray()[0];
+
+ fips140Mock.when(FIPS140::useCompliantAlgorithms).thenReturn(true);
+ OIDCProviderMetadata data = config.toProviderMetadata();
+ assertFalse(data.getIDTokenJWSAlgs().contains(arbitraryEdAlgorithm));
+
+ fips140Mock.when(FIPS140::useCompliantAlgorithms).thenReturn(false);
+ data = config.toProviderMetadata();
+ assertTrue(data.getIDTokenJWSAlgs().contains(arbitraryEdAlgorithm));
+ }
+ }
+
+ @Test
+ @WithoutJenkins
+ public void testProviderMetadataWithInvalidURI() throws Descriptor.FormException, URISyntaxException {
+ OicServerManualConfiguration config = new OicServerManualConfiguration("issuer", "t-url", "inv%alid");
+ assertThrows(IllegalStateException.class, () -> config.toProviderMetadata());
+ }
+
 private static DescriptorImpl getDescriptor() {
 return (DescriptorImpl) jenkinsRule.jenkins.getDescriptor(OicServerManualConfiguration.class);
 }
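Review bot: In testProviderMetadataWithFips the FIPS branch checks only one sampled member of the ED family (`ed.toArray()[0]`), so a filter that removes that single algorithm but leaves another ED-family entry in the advertised ID-token algorithms would still pass. Asserting over the whole family pins the property the test is named for, e.g. `for (JWSAlgorithm alg : JWSAlgorithm.Family.ED) { assertFalse(data.getIDTokenJWSAlgs().contains(alg)); }`. What toProviderMetadata() actually filters is not visible in this hunk, so if FIPS mode is meant to exclude anything beyond ED, those algorithms should be named in the test as well. Separately, `getIDTokenJWSAlgs()` is dereferenced directly in both branches, so an unset list would presumably surface as a NullPointerException rather than as a failed assertion.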