Register with id_token_signed_response_alg:none.

openid · May 21, 2017 · 5569652 · 5569652
1 parent 6208b1f
commit 5569652
Showing 1 changed file with 62 additions and 15 deletions.
diff --git a/UnitTests/OIDRPProfileCode.m b/UnitTests/OIDRPProfileCode.m
@@ -131,7 +131,10 @@ - (void)doRegistrationWithIssuer:(NSURL *)issuer callback:(PostRegistrationCallb
                                                    grantTypes:nil
                                                   subjectType:nil
                                       tokenEndpointAuthMethod:@"client_secret_basic"
-                                         additionalParameters:nil];
+                                         additionalParameters:@{@"id_token_signed_response_alg": @"none"}];
+
+    [self certificationLog:@"Registration request: %@", request];
+
     // performs registration request
     [OIDAuthorizationService performRegistrationRequest:request
         completion:^(OIDRegistrationResponse *_Nullable regResp, NSError *_Nullable error) {
@@ -160,28 +163,26 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test completion:(CodeExchangeCom
 - (void)codeFlowWithExchangeForTest:(NSString *)test
                               scope:(NSArray<NSString *> *)scope
                          completion:(CodeExchangeCompletion)completion {
-
-  [kTestURIBase stringByAppendingString:test];
-
+
   NSString *issuerString = [kTestURIBase stringByAppendingString:test];
-  
+
   XCTestExpectation *expectation =
   [self expectationWithDescription:@"Discovery and registration should complete."];
   XCTestExpectation *auth_complete =
   [self expectationWithDescription:@"Authorization should complete."];
   XCTestExpectation *token_exchange =
   [self expectationWithDescription:@"Token Exchange should complete."];
-  
+
   NSURL *issuer = [NSURL URLWithString:issuerString];
-  
+
   [self doRegistrationWithIssuer:issuer callback:^(OIDServiceConfiguration *configuration,
                                                    OIDRegistrationResponse *registrationResponse,
                                                    NSError *error) {
     [expectation fulfill];
     XCTAssertNotNil(configuration);
     XCTAssertNotNil(registrationResponse);
     XCTAssertNil(error);
-    
+
     NSURL *redirectURI = [NSURL URLWithString:kRedirectURI];
     // builds authentication request
     OIDAuthorizationRequest *request =
@@ -192,12 +193,12 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test
                                                redirectURL:redirectURI
                                               responseType:OIDResponseTypeCode
                                       additionalParameters:nil];
-    
+
     _coordinator = [[OIDAuthorizationUICoordinatorNonInteractive alloc] init];
-    
+
     [self certificationLog:@"Initiating authorization request: %@",
      [request authorizationRequestURL]];
-    
+
     [OIDAuthorizationService
      presentAuthorizationRequest:request
      UICoordinator:_coordinator
@@ -206,20 +207,20 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test
        [auth_complete fulfill];
        XCTAssertNotNil(authorizationResponse);
        XCTAssertNil(error);
-       
+
        OIDTokenRequest *tokenExchangeRequest = [authorizationResponse tokenExchangeRequest];
        [OIDAuthorizationService
         performTokenRequest:tokenExchangeRequest
         originalAuthorizationResponse:authorizationResponse
         callback:^(OIDTokenResponse *_Nullable tokenResponse,
                    NSError *_Nullable tokenError) {
-          
+
           [token_exchange fulfill];
-          
+
           completion(authorizationResponse, tokenResponse, tokenError);
         }];
      }];
-    
+
   }];
   [self waitForExpectationsWithTimeout:30 handler:nil];
 }
@@ -441,6 +442,52 @@ - (void)testRP_scope_userinfo_claims {
   }];
 }
 
+- (void)testRP_id_token_kid_absent_single_jwks {
+  NSString *testName = @"rp-id_token-kid-absent-single-jwks";
+  [self skippedTest:testName];
+}
+- (void)testRP_id_token_kid_absent_multiple_jwks {
+  NSString *testName = @"rp-id_token-kid-absent-multiple-jwks";
+  [self skippedTest:testName];
+}
+- (void)testRP_rp_id_token_bad_sig_rs256 {
+  NSString *testName = @"rp-id_token-bad-sig-rs256";
+  [self skippedTest:testName];
+}
+
+- (void)testRP_id_token_sig_rs256 {
+  NSString *testName = @"rp-id_token-sig-rs256";
+  [self skippedTest:testName];
+}
+
+- (void)skippedTest:(NSString *)testName {
+  [self startCertificationTest:testName];
+
+  NSString *issuerString = [kTestURIBase stringByAppendingString:testName];
+
+  XCTestExpectation *expectation =
+    [self expectationWithDescription:@"Discovery and registration should complete."];
+
+  NSURL *issuer = [NSURL URLWithString:issuerString];
+
+  [self doRegistrationWithIssuer:issuer callback:^(OIDServiceConfiguration *configuration,
+                                                   OIDRegistrationResponse *registrationResponse,
+                                                   NSError *error) {
+    [expectation fulfill];
+
+    XCTAssertNil(registrationResponse);
+    XCTAssertNotNil(error);
+
+    if (error) {
+      [self certificationLog:@"Registration error: %@", error];
+      [self certificationLog:@"SKIP. With id_token_signed_response_alg set to `none` in registration, error recieved and test skipped."];
+    }
+
+  }];
+  [self waitForExpectationsWithTimeout:30 handler:nil];
+}
+
+
 /*! @brief Creates a log file to record the certification logs.
     @param testName The test ID used to configure the test server.
  */