[ELY-2797] check for null Boolean and return boolean #2187
Conversation
http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java
Show resolved
Hide resolved
| * Test OIDC json config class properly returns boolean values. | ||
| */ | ||
| public class OidcProviderMetadataTest { | ||
| private OidcProviderMetadata oidcSecRealm; |
There was a problem hiding this comment.
Just minor, but since this represents the provider metadata, I think oidcProviderMetadata would be better than oidcSecRealm.
|
|
||
| @Test | ||
| public void testClaimsParameterSupported() throws Exception { | ||
| assertFalse(oidcSecRealm.getClaimsParameterSupported()); |
There was a problem hiding this comment.
The OIDC provider metadata gets created by sending a request to the OIDC provider's /.well-known endpoint and then using JsonSerialization#readValue (as seen here https://github.com/wildfly-security/wildfly-elytron/blob/2.x/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfiguration.java#L273) to parse what we get back from the well-known endpoint into the OidcProviderMetadata object.
I'm wondering if we can update these tests to make use of JsonSerialization#readValue to more closely mimic what happens in the code.
To do that, I'm wondering if we can call JsonSerialization#readValue directly with a string value for the metadata and that way we can control what options are specified/not specified in our string.
To get a sample string value to work with, you could try setting up a Keycloak OpenID provider locally (following the steps from one of the OIDC blog posts), try to hit the well-known endpoint, e.g., http://localhost:<KEYCLOAK_PORT>/realms/myrealm/.well-known/openid-configuration to get sample OIDC provider metadata.
We can then create hardcoded provider metadata strings to be used for these tests to test the case where these boolean options are present and not present.
Does that make sense?
rsearls
force-pushed
the
ELY-2797-NullPointerException-request_parameter_supported
branch
from
3c56fcc
to
fbbdf77
Compare
| @@ -0,0 +1,330 @@ | |||
| /* | |||
| * JBoss, Home of Professional Open Source. | |||
| * Copyright 2020 Red Hat, Inc., and individual contributors | |||
| @@ -330,7 +330,7 @@ public void setClaimTypesSupported(List<String> claimTypesSupported) { | |||
| } | |||
|
|
|||
| public Boolean getClaimsParameterSupported() { | |||
There was a problem hiding this comment.
Since OidcProviderMetadata is currently private API, let's go ahead and change the return values from Boolean to boolean as well.
http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcProviderMetadataTest.java
Show resolved
Hide resolved
rsearls
force-pushed
the
ELY-2797-NullPointerException-request_parameter_supported
branch
from
fbbdf77
to
8362c43
Compare
| @Test | ||
| public void testIssuer() throws Exception { | ||
| assertTrue("http://localhost:8080/realms/myrealm".equals(oidcProviderMetadata.getIssuer())); | ||
| assertNull(emptyOidcProviderMetadata.getIssuer()); |
There was a problem hiding this comment.
Would it make sense to add an assertion here for withoutBooleansProviderMetaData? That way, we are testing the expected values for all three cases (control data, empty, control data modified to leave out some options) in each test case.
| ",\"id_token_encryption_alg_values_supported\":[\"RSA-OAEP\",\"RSA-OAEP-256\",\"RSA1_5\"]\n" + | ||
| ",\"id_token_encryption_enc_values_supported\":[\"A256GCM\"]\n" + | ||
| ",\"userinfo_signing_alg_values_supported\":[\"PS384\",\"none\"]\n" + | ||
| ",\"request_object_signing_alg_values_supported\":[\"PS384\",\"none\"]\n" + |
There was a problem hiding this comment.
Let's also remove the other options that were introduced in ELY-2584 since it's also optional for the provider to include these in the metadata:
- request_object_signing_alg_values_supported
- request_object_encryption_enc_values_supported
- request_object_encryption_alg_values_supported
- pushed_authorization_request_endpoint
rsearls
force-pushed
the
ELY-2797-NullPointerException-request_parameter_supported
branch
from
8362c43
to
b4f6712
Compare
| public void testRequestObjectEncryptionAlgValuesSupported() throws Exception { | ||
| List<String> l = oidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported(); | ||
| assertTrue(l.contains("RSA1_5")); | ||
| assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionAlgValuesSupported()); |
There was a problem hiding this comment.
I think this needs an assertNull for withoutBooleansProviderMetaData.
| public void testRequestObjectEncryptionEncValuesSupported() throws Exception { | ||
| List<String> l = oidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported(); | ||
| assertTrue(l.contains("A192GCM")); | ||
| assertNull(emptyOidcProviderMetadata.getRequestObjectEncryptionEncValuesSupported()); |
There was a problem hiding this comment.
I think this needs an assertNull for withoutBooleansProviderMetaData.
| @Test | ||
| public void testPushedAuthorizationRequestEndpoint() throws Exception { | ||
| assertTrue("http://localhost:8080/realms/myrealm/protocol/openid-connect/ext/par/request".equals(oidcProviderMetadata.getPushedAuthorizationRequestEndpoint())); | ||
| assertNull(emptyOidcProviderMetadata.getPushedAuthorizationRequestEndpoint()); |
There was a problem hiding this comment.
I think this needs an assertNull for withoutBooleansProviderMetaData.
| public void testRequestObjectSigningAlgValuesSupported() throws Exception { | ||
| List<String> l = oidcProviderMetadata.getRequestObjectSigningAlgValuesSupported(); | ||
| assertTrue(l.contains("RS384")); | ||
| assertNull(emptyOidcProviderMetadata.getRequestObjectSigningAlgValuesSupported()); |
There was a problem hiding this comment.
I think this needs an assertNull for withoutBooleansProviderMetaData.
| public class OidcProviderMetadataTest { | ||
| private static OidcProviderMetadata oidcProviderMetadata; | ||
| private static OidcProviderMetadata emptyOidcProviderMetadata; | ||
| private static OidcProviderMetadata withoutBooleansOidcProviderMetadata; |
There was a problem hiding this comment.
Maybe just to make it more clear, we could rename withoutBooleansOidcProviderMetatdata withoutOptionalsOidcProviderMetadata (since some of the values that are optional aren't booleans).
rsearls
force-pushed
the
ELY-2797-NullPointerException-request_parameter_supported
branch
from
b4f6712
to
882fae7
Compare
https://issues.redhat.com/browse/ELY-2797 NullPointerException in
OidcClientConfiguration.resolveUrls if parameter "request_parameter_supported"
is not present in openid-configuration