v.1.10.0
damikael authored Oct 19, 2023
2 parents 0ff9503 + 3d55ac1 commit debfc15
Showing 24 changed files with 489 additions and 102 deletions.
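--- a/src/server/package.json
+++ b/src/server/package.json
@@ -1,6 +1,6 @@
 {
 "name": "spid-oidc-check-op",
-"version": "1.9.1",
+"version": "1.10.0",
 "description": "SPID OIDC Conformance Test Tool for OP",
 "main": "spid-oidc-check-op",
 "author": "Michele D'Amico (damikael) - AgID",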
32 changes: 21 additions & 11 deletions src/test/1.1.0.js
@@ -12,20 +12,30 @@ class Test_1_1_0 extends TestMetadata {

async exec() {
super.exec();
let issuer = this.metadata.configuration.issuer;
if(issuer.substring(issuer.length-1)=='/') {
issuer = issuer.substring(0, issuer.length-1);
}

if(
this.metadata.url==(issuer + "/.well-known/openid-configuration")
|| this.metadata.url==(issuer + "/.well-known/openid-configuration/")
) {
this.notes = issuer + "/.well-known/openid-configuration";
if(this.metadata.type=='federation') {

this.notes = "N/A - metadata is provided as openid-federation";
return true;

} else {
this.notes = this.metadata.url + " != " + issuer + "/.well-known/openid-configuration";
throw("Document URL is not <issuer>/.well-known/openid-configuration");

let issuer = this.metadata.configuration.issuer;
if(issuer.substring(issuer.length-1)=='/') {
issuer = issuer.substring(0, issuer.length-1);
}

if(
this.metadata.url==(issuer + "/.well-known/openid-configuration")
|| this.metadata.url==(issuer + "/.well-known/openid-configuration/")
) {
this.notes = issuer + "/.well-known/openid-configuration";
return true;
} else {
this.notes = this.metadata.url + " != " + issuer + "/.well-known/openid-configuration";
throw("Document URL is not <issuer>/.well-known/openid-configuration");
}

}
}

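Review bot: The new federation branch at the top of `exec()` returns `true` with an "N/A" note, so a check that was never run is recorded the same way as a check that passed. In a conformance report that can read as evidence that the openid-configuration URL was verified when it was not; the same pattern is added in 1.1.1, 1.1.2 and 1.1.3 and, mirrored for `type=='configuration'`, in 1.2.0. If TestMetadata has (or can gain) a distinct not-applicable outcome, returning that instead of `true` keeps skipped checks out of the pass count. Separately, `issuer.substring(...)` in the `else` branch still raises a TypeError when `configuration.issuer` is absent; a guard such as `if(typeof issuer!='string') throw("issuer is not present");` would turn that into a proper test failure.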
19 changes: 14 additions & 5 deletions src/test/1.1.1.js
@@ -12,12 +12,21 @@ class Test_1_1_1 extends TestMetadata {

async exec() {
super.exec();
let response = await axios.get(this.metadata.url);
if(response.status!=200) {
this.notes = response.status;
throw("The HTTP Status Code is not 200 OK");
} else {

if(this.metadata.type=='federation') {

this.notes = "N/A - metadata is provided as openid-federation";
return true;

} else {

let response = await axios.get(this.metadata.url);
if(response.status!=200) {
this.notes = response.status;
throw("The HTTP Status Code is not 200 OK");
} else {
return true;
}
}
}

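Review bot: `axios.get(this.metadata.url)` in the non-federation branch is called with no timeout, and under axios's default `validateStatus` any non-2xx response rejects before the `response.status!=200` comparison runs, so for a 404 or 500 `this.notes` is never set and the rejection propagates out of `exec()` instead. Passing options such as `axios.get(this.metadata.url, {timeout: 10000, validateStatus: () => true})` (the timeout value is only an example) lets the test record the real status code and bounds how long a slow endpoint can hold the run. Whether `metadata.url` is operator-supplied is not visible in this section; if it is, the server-side fetch should also be limited to the expected scheme and hosts.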
17 changes: 13 additions & 4 deletions src/test/1.1.2.js
@@ -13,11 +13,20 @@ class Test_1_1_2 extends TestMetadata {

async exec() {
super.exec();
let response = await axios.get(this.metadata.url);
if(!validator.isJSON(JSON.stringify(response.data))) {
throw("The document is not a valid JSON document");
} else {

if(this.metadata.type=='federation') {

this.notes = "N/A - metadata is provided as openid-federation";
return true;

} else {

let response = await axios.get(this.metadata.url);
if(!validator.isJSON(JSON.stringify(response.data))) {
throw("The document is not a valid JSON document");
} else {
return true;
}
}
}

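Review bot: `validator.isJSON(JSON.stringify(response.data))` in the `else` branch validates a re-serialisation of what axios already parsed, not the bytes the endpoint returned, so the result describes axios's parser rather than the document itself. Fetching the body unparsed, e.g. `axios.get(this.metadata.url, {transformResponse: [d => d]})`, and passing that string to `validator.isJSON` tests the document directly. Tests 1.1.1, 1.1.2 and 1.1.3 each issue their own GET, so the three verdicts may come from three different responses; sharing one fetched response would make them consistent.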
21 changes: 15 additions & 6 deletions src/test/1.1.3.js
@@ -12,13 +12,22 @@ class Test_1_1_3 extends TestMetadata {

async exec() {
super.exec();
let response = await axios.get(this.metadata.url);
if(!response.headers['content-type'].includes('application/json')) {
this.notes = response.headers['content-type'];
throw("Content-Type is not 'application/json'");
} else {
this.notes = response.headers['content-type'];

if(this.metadata.type=='federation') {

this.notes = "N/A - metadata is provided as openid-federation";
return true;

} else {

let response = await axios.get(this.metadata.url);
if(!response.headers['content-type'].includes('application/json')) {
this.notes = response.headers['content-type'];
throw("Content-Type is not 'application/json'");
} else {
this.notes = response.headers['content-type'];
return true;
}
}
}

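Review bot: `response.headers['content-type'].includes('application/json')` raises a TypeError when the response carries no Content-Type header, and as a substring test it also accepts values such as `application/json-seq`. Reading the header once and comparing only the media type is stricter: `const ct = String(response.headers['content-type'] || '').split(';')[0].trim().toLowerCase();` followed by `if(ct!='application/json') {`. The block is the previous check re-indented under the new `else`, so this predates the commit but is still on the new side.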
33 changes: 22 additions & 11 deletions src/test/1.2.0.js
@@ -6,26 +6,37 @@ class Test_1_2_0 extends TestMetadata {
super(metadata);
this.num = '1.2.0';
this.description =
'Document URL MUST be <issuer>/.well-known/openid-federation';
'Document URL MUST be &lt;issuer&gt;/.well-known/openid-federation';
this.validation = 'automatic';
}

async exec() {
super.exec();
this.issuer = this.metadata.configuration.issuer;
if (this.issuer.substring(issuer.length - 1) == '/') {
this.issuer = this.issuer.substring(0, this.issuer.length - 1);
}

this.notes = this.metadata.url;
if(this.metadata.type=='configuration') {

if (
this.notes == `${this.issuer}/.well-known/openid-federation` ||
this.notes == `${this.issuer}/.well-known/openid-federation/`
) {
this.notes = "N/A - metadata is provided as openid-configuration";
return true;

} else {
throw 'Document URL is not <issuer>/.well-known/openid-federation';

let issuer = this.metadata.configuration.issuer;
if (issuer.substring(issuer.length - 1) == '/') {
issuer = issuer.substring(0, issuer.length - 1);
}

this.notes = this.metadata.url;

if (
this.notes == `${issuer}/.well-known/openid-federation` ||
this.notes == `${issuer}/.well-known/openid-federation/`
) {
return true;

} else {
throw 'Document URL is not &lt;issuer&gt;/.well-known/openid-federation';
}

}
}
}
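Review bot: The description and the thrown message now embed `&lt;issuer&gt;` as literal HTML entities, while 1.1.0 in this same commit keeps a raw `<issuer>` in its message, so the two tests disagree on which layer is responsible for escaping. Pre-escaping at the source suggests the report view inserts these strings as HTML; if that is so (it is not visible in this section), `this.notes = this.metadata.url`, a value taken from the metadata under test, reaches the same view without encoding. Encoding once at render time for description, message and notes alike removes the need for entities here and covers the notes field as well.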
18 changes: 14 additions & 4 deletions src/test/1.2.4.js
@@ -31,11 +31,21 @@ class Test_1_2_4 extends TestMetadata {
throw "returned document is not a valid JWT";
}

let jwks = (await axios.get(this.metadata.configuration.jwks_uri)).data;
let jwks = this.metadata.configuration.jwks;

if (jwks.keys == null || jwks.keys == "") {
this.notes = jwks;
throw "JWKS not found";

if(this.metadata.signed_jwks_uri == null || this.metadata.signed_jwks_uri == '') {
this.notes = this.metadata.configuration;
throw "JWKS not found";

} else {
// TODO
//jwks = (await axios.get(this.metadata.configuration.signed_jwks_uri)).data;

this.notes = this.metadata.signed_jwks_uri;
throw "test for signed_jwks_uri is not implemented. Please contact AgID. Thanks";
}
}

let keystore = jose.JWK.createKeyStore();
@@ -48,7 +58,7 @@ class Test_1_2_4 extends TestMetadata {
returnedDocument
);

this.notes = returnedDocumentVerified;
this.notes = jwks;

if (!this.notes) {
throw "document not verifiable";
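Review bot: With `this.notes = jwks;` in the second hunk (taking it as the new side, as the page prints old before new), the following `if (!this.notes)` no longer tests the verification result: `jwks` is an object whose `keys` were already found non-empty, so "document not verifiable" is unreachable and a bad signature is reported only if the verify call itself throws. Checking the result directly, `if (!returnedDocumentVerified) { throw "document not verifiable"; }`, and assigning `this.notes = jwks;` afterwards keeps both the check and the new note. In the first hunk `jwks.keys` is dereferenced before `jwks` is known to exist, so a configuration without an inline `jwks` raises a TypeError instead of reaching the `signed_jwks_uri` branch; `if (jwks == null || jwks.keys == null || jwks.keys == "")` avoids that. That branch reads `this.metadata.signed_jwks_uri` while the TODO line refers to `this.metadata.configuration.signed_jwks_uri`, and one of the two paths is presumably wrong. `exec()` begins and ends outside both hunks.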
14 changes: 8 additions & 6 deletions src/test/1.5.0.js
@@ -5,7 +5,7 @@ class Test_1_5_0 extends TestMetadata {
constructor(metadata) {
super(metadata);
this.num = "1.5.0";
this.description = "The id_token_signing_alg_values_supported MUST be ['RS256', 'RS512']";
this.description = "The id_token_signing_alg_values_supported MUST contain ['RS256', 'RS512']";
this.validation = "automatic";
}

@@ -18,12 +18,14 @@ class Test_1_5_0 extends TestMetadata {
throw("the claim id_token_signing_alg_values_supported is not present");
}

if(!(this.metadata.configuration.id_token_signing_alg_values_supported.length==2
&& this.metadata.configuration.id_token_signing_alg_values_supported.includes('RS256')
&& this.metadata.configuration.id_token_signing_alg_values_supported.includes('RS512')
)) {
if(!this.metadata.configuration.id_token_signing_alg_values_supported.includes('RS256')) {
this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
throw("the claim id_token_signing_alg_values_supported is not ['RS256', 'RS512']");
throw("the claim id_token_signing_alg_values_supported does not contain 'RS256'");
}

if(!this.metadata.configuration.id_token_signing_alg_values_supported.includes('RS512')) {
this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
throw("the claim id_token_signing_alg_values_supported does not contain 'RS512'");
}

this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
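Review bot: Both new `includes(...)` checks in the second hunk assume the claim is an array, but the presence test above them (its condition is outside the hunk; in 1.5.10 it rejects only null and the empty string) does not establish that. If the metadata supplies a string, `String.prototype.includes` does a substring match and a value like `"RS256 RS512"` passes. An `Array.isArray(...)` guard before the two checks closes that, and binding the claim to a local, `const algs = this.metadata.configuration.id_token_signing_alg_values_supported;`, would shorten every line that follows. The same applies to 1.5.1, where the single string `"RSA-OAEP-256"` would satisfy both the `'RSA-OAEP'` and the `'RSA-OAEP-256'` check, and to the new 1.5.10 and 1.5.11.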
14 changes: 8 additions & 6 deletions src/test/1.5.1.js
@@ -5,7 +5,7 @@ class Test_1_5_1 extends TestMetadata {
constructor(metadata) {
super(metadata);
this.num = "1.5.1";
this.description = "The id_token_encryption_alg_values_supported MUST be ['RSA-OAEP', 'RSA-OAEP-256']";
this.description = "The id_token_encryption_alg_values_supported MUST contain ['RSA-OAEP', 'RSA-OAEP-256']";
this.validation = "automatic";
}

@@ -23,12 +23,14 @@ class Test_1_5_1 extends TestMetadata {
//throw("the claim id_token_encryption_alg_values_supported is not present");
}

if(!(this.metadata.configuration.id_token_encryption_alg_values_supported.length==2
&& this.metadata.configuration.id_token_encryption_alg_values_supported.includes('RSA-OAEP')
&& this.metadata.configuration.id_token_encryption_alg_values_supported.includes('RSA-OAEP-256')
)) {
if(!this.metadata.configuration.id_token_encryption_alg_values_supported.includes('RSA-OAEP')) {
this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
throw("the claim id_token_encryption_alg_values_supported is not ['RSA-OAEP', 'RSA-OAEP-256']");
throw("the claim id_token_encryption_alg_values_supported does not contain 'RSA-OAEP'");
}

if(!this.metadata.configuration.id_token_encryption_alg_values_supported.includes('RSA-OAEP-256')) {
this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
throw("the claim id_token_encryption_alg_values_supported does not contain 'RSA-OAEP-256'");
}

this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
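--- /dev/null
+++ b/src/test/1.5.10.js
@@ -0,0 +1,49 @@
+const TestMetadata = require('../server/lib/test/TestMetadata.js');
+
+class Test_1_5_10 extends TestMetadata {
+
+constructor(metadata) {
+super(metadata);
+this.num = "1.5.10";
+this.description = "The id_token_signing_alg_values_supported MUST NOT contain ['none', 'HS256', 'HS384', 'HS512']";
+this.validation = "automatic";
+}
+
+async exec() {
+super.exec();
+
+if(this.metadata.configuration.id_token_signing_alg_values_supported==null
+|| this.metadata.configuration.id_token_signing_alg_values_supported=='') {
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+throw("the claim id_token_signing_alg_values_supported is not present");
+}
+
+if(this.metadata.configuration.id_token_signing_alg_values_supported.includes('none')) {
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+throw("the claim id_token_signing_alg_values_supported must not contain 'none'");
+}
+
+if(this.metadata.configuration.id_token_signing_alg_values_supported.includes('HS256')) {
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+throw("the claim id_token_signing_alg_values_supported must not contain 'HS256'");
+}
+
+if(this.metadata.configuration.id_token_signing_alg_values_supported.includes('HS384')) {
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+throw("the claim id_token_signing_alg_values_supported must not contain 'HS384'");
+}
+
+if(this.metadata.configuration.id_token_signing_alg_values_supported.includes('HS512')) {
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+throw("the claim id_token_signing_alg_values_supported must not contain 'HS512'");
+}
+
+
+this.notes = this.metadata.configuration.id_token_signing_alg_values_supported;
+return true;
+
+}
+
+}
+
+module.exports = Test_1_5_10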
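Review bot: With 1.5.0 relaxed in this commit from an exact match to "MUST contain", this deny-list in `exec()` becomes the only limit on additional signing algorithms, and it names four values compared case-sensitively; any other identifier an OP advertises passes. If the SPID profile defines a closed set of permitted `alg` values (not visible on this page), testing every entry against that allow-list is the tighter check: `const extra = algs.filter(a => !ALLOWED.includes(a));` then `if(extra.length) { this.notes = extra; throw(...); }`, with `ALLOWED` standing for the profile's list and `algs` for the claim. The four near-identical `if` blocks could in any case be a single loop over `['none', 'HS256', 'HS384', 'HS512']`.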
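--- /dev/null
+++ b/src/test/1.5.11.js
@@ -0,0 +1,38 @@
+const TestMetadata = require('../server/lib/test/TestMetadata.js');
+
+class Test_1_5_11 extends TestMetadata {
+
+constructor(metadata) {
+super(metadata);
+this.num = "1.5.11";
+this.description = "If present, the id_token_encryption_alg_values_supported MUST NOT contain ['RSA_1_5']";
+this.validation = "automatic";
+}
+
+async exec() {
+super.exec();
+
+if(this.metadata.configuration.id_token_encryption_alg_values_supported==null
+|| this.metadata.configuration.id_token_encryption_alg_values_supported=='') {
+
+// encryption of id_token is optional
+this.notes = "the claim id_token_encryption_alg_values_supported is not present";
+return true;
+
+//this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
+//throw("the claim id_token_encryption_alg_values_supported is not present");
+}
+
+if(this.metadata.configuration.id_token_encryption_alg_values_supported.includes('RSA_1_5')) {
+this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
+throw("the claim id_token_encryption_alg_values_supported must not contain 'RSA_1_5'");
+}
+
+this.notes = this.metadata.configuration.id_token_encryption_alg_values_supported;
+return true;
+
+}
+
+}
+
+module.exports = Test_1_5_11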
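Review bot: The identifier tested in `exec()`, `'RSA_1_5'`, is not the registered JWE algorithm name; RFC 7518 spells it `RSA1_5`, so an OP that advertises RSAES-PKCS1-v1_5 key encryption under its standard name passes this test. If the SPID text itself uses the `RSA_1_5` spelling the check can keep it, but it should reject the registered name as well, for example `if(['RSA1_5', 'RSA_1_5'].some(a => algs.includes(a))) {` with `algs` bound to the claim. The description string and the thrown message would then name both spellings.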