From 5569652fff8d3c987dfbf64cffc1dc2753ab4206 Mon Sep 17 00:00:00 2001
From: William Denniss
Date: Thu, 4 May 2017 14:03:05 -0700
Subject: [PATCH] Register with id_token_signed_response_alg:none.
---
 UnitTests/OIDRPProfileCode.m | 77 +++++++++++++++++++++++++++++-------
 1 file changed, 62 insertions(+), 15 deletions(-)
diff --git a/UnitTests/OIDRPProfileCode.m b/UnitTests/OIDRPProfileCode.m
index 957b42fb0..7a3c3e1f8 100644
--- a/UnitTests/OIDRPProfileCode.m
+++ b/UnitTests/OIDRPProfileCode.m
@@ -131,7 +131,10 @@ - (void)doRegistrationWithIssuer:(NSURL *)issuer callback:(PostRegistrationCallb
 grantTypes:nil
 subjectType:nil
 tokenEndpointAuthMethod:@"client_secret_basic"
- additionalParameters:nil];
+ additionalParameters:@{@"id_token_signed_response_alg": @"none"}];
+
+ [self certificationLog:@"Registration request: %@", request];
+
 // performs registration request
 [OIDAuthorizationService performRegistrationRequest:request
 completion:^(OIDRegistrationResponse *_Nullable regResp, NSError *_Nullable error) {
@@ -160,20 +163,18 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test completion:(CodeExchangeCom
 - (void)codeFlowWithExchangeForTest:(NSString *)test
 scope:(NSArray *)scope
 completion:(CodeExchangeCompletion)completion {
-
- [kTestURIBase stringByAppendingString:test];
-
+
 NSString *issuerString = [kTestURIBase stringByAppendingString:test];
-
+
 XCTestExpectation *expectation =
 [self expectationWithDescription:@"Discovery and registration should complete."];
 XCTestExpectation *auth_complete =
 [self expectationWithDescription:@"Authorization should complete."];
 XCTestExpectation *token_exchange =
 [self expectationWithDescription:@"Token Exchange should complete."];
-
+
 NSURL *issuer = [NSURL URLWithString:issuerString];
-
+
 [self doRegistrationWithIssuer:issuer callback:^(OIDServiceConfiguration *configuration,
 OIDRegistrationResponse *registrationResponse,
 NSError *error) {
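Review bot: The new `additionalParameters:@{@"id_token_signed_response_alg": @"none"}` in the first hunk makes every registration that goes through doRegistrationWithIssuer:callback: request unsigned ID Tokens, and nothing at the call site says why or that this is a certification-harness setting. With `none` the ID Token carries no signature, so its integrity rests entirely on the TLS connection to the token endpoint; OpenID Connect registration permits that value only for clients whose response types return no ID Token from the authorization endpoint, which the `OIDResponseTypeCode` request later in this file appears to satisfy. I would add a comment above the argument such as `// Certification-only: requests unsigned ID Tokens (alg none); acceptable solely for the code flow, do not copy into production registration.` The method body starts and ends outside the hunk.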
@@ -181,7 +182,7 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test
 XCTAssertNotNil(configuration);
 XCTAssertNotNil(registrationResponse);
 XCTAssertNil(error);
-
+
 NSURL *redirectURI = [NSURL URLWithString:kRedirectURI];
 // builds authentication request
 OIDAuthorizationRequest *request =
@@ -192,12 +193,12 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test
 redirectURL:redirectURI
 responseType:OIDResponseTypeCode
 additionalParameters:nil];
-
+
 _coordinator = [[OIDAuthorizationUICoordinatorNonInteractive alloc] init];
-
+
 [self certificationLog:@"Initiating authorization request: %@",
 [request authorizationRequestURL]];
-
+
 [OIDAuthorizationService
 presentAuthorizationRequest:request
 UICoordinator:_coordinator
@@ -206,20 +207,20 @@ - (void)codeFlowWithExchangeForTest:(NSString *)test
 [auth_complete fulfill];
 XCTAssertNotNil(authorizationResponse);
 XCTAssertNil(error);
-
+
 OIDTokenRequest *tokenExchangeRequest = [authorizationResponse tokenExchangeRequest];
 [OIDAuthorizationService performTokenRequest:tokenExchangeRequest
 originalAuthorizationResponse:authorizationResponse
 callback:^(OIDTokenResponse *_Nullable tokenResponse,
 NSError *_Nullable tokenError) {
-
+
 [token_exchange fulfill];
-
+
 completion(authorizationResponse, tokenResponse, tokenError);
 }];
 }];
-
+
 }];
 [self waitForExpectationsWithTimeout:30 handler:nil];
 }
@@ -441,6 +442,52 @@ - (void)testRP_scope_userinfo_claims {
 }];
 }
+- (void)testRP_id_token_kid_absent_single_jwks {
+ NSString *testName = @"rp-id_token-kid-absent-single-jwks";
+ [self skippedTest:testName];
+}
+- (void)testRP_id_token_kid_absent_multiple_jwks {
+ NSString *testName = @"rp-id_token-kid-absent-multiple-jwks";
+ [self skippedTest:testName];
+}
+- (void)testRP_rp_id_token_bad_sig_rs256 {
+ NSString *testName = @"rp-id_token-bad-sig-rs256";
+ [self skippedTest:testName];
+}
+
+- (void)testRP_id_token_sig_rs256 {
+ NSString *testName = @"rp-id_token-sig-rs256";
+ [self skippedTest:testName];
+}
+
+- (void)skippedTest:(NSString *)testName {
+ [self startCertificationTest:testName];
+
+ NSString *issuerString = [kTestURIBase stringByAppendingString:testName];
+
+ XCTestExpectation *expectation =
+ [self expectationWithDescription:@"Discovery and registration should complete."];
+
+ NSURL *issuer = [NSURL URLWithString:issuerString];
+
+ [self doRegistrationWithIssuer:issuer callback:^(OIDServiceConfiguration *configuration,
+ OIDRegistrationResponse *registrationResponse,
+ NSError *error) {
+ [expectation fulfill];
+
+ XCTAssertNil(registrationResponse);
+ XCTAssertNotNil(error);
+
+ if (error) {
+ [self certificationLog:@"Registration error: %@", error];
+ [self certificationLog:@"SKIP. With id_token_signed_response_alg set to `none` in registration, error recieved and test skipped."];
+ }
+
+ }];
+ [self waitForExpectationsWithTimeout:30 handler:nil];
+}
+
+
 /*! @brief Creates a log file to record the certification logs.
 @param testName The test ID used to configure the test server.
 */
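Review bot: `skippedTest:` passes on any registration failure: `XCTAssertNil(registrationResponse)` and `XCTAssertNotNil(error)` are satisfied just as well by a timeout or an unreachable test server as by the provider refusing `id_token_signed_response_alg` = `none`, and the certification log then records "SKIP" for it. Because the four new tests (kid-absent single and multiple, bad-sig-rs256, sig-rs256) are the ID Token signature cases, a green XCTest run reads as signature coverage although no token is ever requested or verified. I would pin the expected failure, for example `XCTAssertEqualObjects(error.domain, OIDOAuthRegistrationErrorDomain);` (assuming that constant is available at this revision), and add a comment above `skippedTest:` such as `// Does not exercise ID Token signature validation; only records that registration with alg none was refused.`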