udap_security_test_kit 0.10.3 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/presets/SureFhirIdentityMatchingDemo.json +272 -0
- data/lib/udap_security_test_kit/authorization_code_authentication_group.rb +33 -38
- data/lib/udap_security_test_kit/authorization_code_group.rb +2 -8
- data/lib/udap_security_test_kit/client_credentials_authentication_group.rb +33 -38
- data/lib/udap_security_test_kit/client_credentials_group.rb +2 -8
- data/lib/udap_security_test_kit/dynamic_client_registration_group.rb +0 -1
- data/lib/udap_security_test_kit/igs/put_ig_package_dot_tgz_here +0 -0
- data/lib/udap_security_test_kit/metadata.rb +32 -0
- data/lib/udap_security_test_kit/udap_jwt_builder.rb +1 -1
- data/lib/udap_security_test_kit/version.rb +1 -1
- data/lib/udap_security_test_kit.rb +9 -17
- metadata +10 -7
- data/lib/udap_security_test_kit/generate_client_certs_test.rb +0 -60
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 191991de0d6424f3f08d07ef03bb5609a2fad336acdde0f61e4a62de7786fdd2
|
|
4
|
+
data.tar.gz: f65208486d7cea656ce8aa10f54cffc0ec885200703ce753e7d6c179e111a533
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d47d7583522b6f734d6048333dc9e127f21f503e0ed0369872a3af86f40c36d904c1ab50d00b886ff3d49158be427b6638f3f3e54f3ac24070ca5bb664276fc7
|
|
7
|
+
data.tar.gz: 868a2a47d0c8575db14b97327027b2221e19367ac6daa37376992b7bf6cbc87c905327351c7f2233b1b62507765e4a389c86e4e61e2c280e356b367f0ace89fa
|
|
@@ -0,0 +1,272 @@
|
|
|
1
|
+
{
|
|
2
|
+
"title": "Demo: SureFhir Certs + IdentityMatching Server",
|
|
3
|
+
"id": null,
|
|
4
|
+
"test_suite_id": "udap_security",
|
|
5
|
+
"inputs": [
|
|
6
|
+
{
|
|
7
|
+
"name": "udap_fhir_base_url",
|
|
8
|
+
"value": "https://identity-matching.fast.hl7.org/fhir",
|
|
9
|
+
"_title": "FHIR Server Base URL",
|
|
10
|
+
"_description": "Base FHIR URL of FHIR Server. Discovery request will be sent to {baseURL}/.well-known/udap",
|
|
11
|
+
"_type": "text"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"name": "udap_community_parameter",
|
|
15
|
+
"value": "udap://stage.healthtogo.me/",
|
|
16
|
+
"_title": "UDAP Community Parameter",
|
|
17
|
+
"_description": "If included, the designated community value will be appended as a query to the well-known\n endpoint to indicate the client's trust of certificates from this trust community.",
|
|
18
|
+
"_type": "text",
|
|
19
|
+
"_optional": true
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"name": "flow_type_auth_code",
|
|
23
|
+
"value": [
|
|
24
|
+
"authorization_code"
|
|
25
|
+
],
|
|
26
|
+
"_title": "Required OAuth2.0 Flow Type for Authorization Code Workflow",
|
|
27
|
+
"_description": "Which grant type(s) must be supported per the returned Discovery metadata",
|
|
28
|
+
"_type": "checkbox",
|
|
29
|
+
"_optional": false,
|
|
30
|
+
"_options": {
|
|
31
|
+
"list_options": [
|
|
32
|
+
{
|
|
33
|
+
"label": "Authorization Code",
|
|
34
|
+
"value": "authorization_code"
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
"label": "Client Credentials",
|
|
38
|
+
"value": "client_credentials"
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
},
|
|
42
|
+
"_locked": true
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"name": "udap_server_trust_anchor_certs",
|
|
46
|
+
"value": "-----BEGIN CERTIFICATE-----\nMIIF4DCCA8igAwIBAgIIC7cAbiIvVFwwDQYJKoZIhvcNAQELBQAwgZgxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU2FuIERpZWdvMRMwEQYDVQQK\nEwpFTVIgRGlyZWN0MTYwNAYDVQQLEy1DZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAo\nY2VydHMuZW1yZGlyZWN0LmNvbSkxGzAZBgNVBAMTEkVNUiBEaXJlY3QgVGVzdCBD\nQTAeFw0xNDA0MjQxNjI5MjBaFw0yOTA0MjQxNjI5MjBaMIGzMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU2FuIERpZWdvMRMwEQYD\nVQQKDApFTVIgRGlyZWN0MT8wPQYDVQQLDDZUZXN0IFBLSSBDZXJ0aWZpY2F0aW9u\nIEF1dGhvcml0eSAoY2VydHMuZW1yZGlyZWN0LmNvbSkxJTAjBgNVBAMMHEVNUiBE\naXJlY3QgVGVzdCBDbGllbnQgU3ViQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCPwkP36KVBwdb9dNsKAhqEoVtMEdL4Ee01tB7y6gIINi3ZGbqhw/lF\nJjRS/fi+SqN8SkjZMkLl6ET9aTM5W+y7aXl+3iqn+dKsesS+kinTAfD4cSI2R4WK\n5HBomEf+PR3scewFKMBbguYW2I42tKPLMwI6L+kMRlQhI3sK4Fyj6M6gUqPaKlx7\nsGPQ/qr8PLwU3doCrC65avSmuC+y5jpbCkJ1kk+g4DLcO+TXx8oC2aVrMRFdD+lx\nNiShdlo5hzhiIGUZmyVe08vLTLB9LGCHz1w9+oqteco4aerYbOlZQxe9d0f7xlZa\nhj7DDfmkqLEFKRQXOJFQtcdCFp3XrXbDAgMBAAGjggEPMIIBCzBQBggrBgEFBQcB\nAQREMEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0cy5lbXJkaXJlY3QuY29tL2Nl\ncnRzL0VNUkRpcmVjdFRlc3RDQS5jcnQwHQYDVR0OBBYEFKOVbWu9K1HN4c/lkG/X\nJk+/3T7eMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUMdaEL0mYbgAB0Geh\n+J4csG+noqwwEQYDVR0gBAowCDAGBgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0\ndHA6Ly9jZXJ0cy5lbXJkaXJlY3QuY29tL2NybC9FTVJEaXJlY3RUZXN0Q0EuY3Js\nMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAKAjGzW0AEdMKRjKx\niEzS5SQqmHmAYmajowd38wac4udD3TMvf3tHMZfkGy3ulZSQ40LyjXa60s9/5508\nbwFGHBejyfo1vnc2FJA/0KcmlKzhwhmpe7QoZ1T7uWwG+Y98TRzL7wF8mzCUT+Fe\nMFP35xL3IIJ3CKzIkC9Wv+6kSgkobNoAJyUECbVtmxJer2/LmzfXsYI0NQ3QmeZL\npYoo4EOmIXpoWUSeZHh3av3guoy16s+bs5UuFQ2NfJeuD1n+uQBaNRchR3DxshEK\n66RiKu+QjdBrq0aoTXIT2MYKGiVEbYQlJuDuxilXLYlcYTcDpPIS7hh95bmAxRho\nwgbr3E3dsNgvMuANlgUJno5vyMr9P5zu+kDbJ8nB2fm5/LjXLmNvOy+rj8jCLbuP\nGS/vWxfvi21l4Xfmphi6skeq6JyIUPAm/U6bkR8LF5+/aVoIXUvkRHqbyBzDDDWc\n4+LjI4+INFK+Lxj/cwvh398Ko4LCA0KenJDBFN0Je/rz92uK867sgcQ7dreOK8pf\ngqWulL9H4kCkoZZF4367x2SQVQPWPExefQrpPwk6AlJTHocFqm1TUvmjTwCxmXWr\nztkq2GRxsmT6/2n5TrmHabl6cXDKtmnhS3k9FGFA556YowwJSEm9pKexguxqcyrg\nPPKM/j6ERtHoHDSMKT0frOoawoY=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGZjCCBE6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xEzARBgNVBAoTCkVNUiBE\naXJlY3QxNjA0BgNVBAsTLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IChjZXJ0cy5l\nbXJkaXJlY3QuY29tKTEbMBkGA1UEAxMSRU1SIERpcmVjdCBUZXN0IENBMB4XDTEy\nMDkwNjA0MzEzNloXDTMyMDkwNjA0MzEzNlowgZgxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJDQTESMBAGA1UEBxMJU2FuIERpZWdvMRMwEQYDVQQKEwpFTVIgRGlyZWN0\nMTYwNAYDVQQLEy1DZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoY2VydHMuZW1yZGly\nZWN0LmNvbSkxGzAZBgNVBAMTEkVNUiBEaXJlY3QgVGVzdCBDQTCCAiIwDQYJKoZI\nhvcNAQEBBQADggIPADCCAgoCggIBALugk56Hoot6yEEohbRQdQP6sMTCzXOSgxHr\neYI4h00EhMb8x8VzD/ZCEdgmrwa6y1WE7WaPdTcX/jCd0GNUwgqPz7sLP2NeTA9k\ngn/m0kXvxIgzaEhJntdqdvzHqlhtIMAURAu9erAfMn0giK7zwtSg5bYwC09tyv4d\nRIAX9UuvOpOqJnQk9DRRd64+9EKkX9Zj1lqT0/Wjr0w3jcGYN02dB03T4WARZEug\nzkBzPcmYPLhl09gRrgQg8msgTQi68vR+UKNUoQhRJAkk/CAqkMT8Uzuae/W7utYk\n4/vmiJEHoC7OV7yGa7VrD0HhjDzfs53kdnnzlo6MB+6oGFtIKaMF4D8GVSr+MY/p\na+C2dkqf4y3Pr3hqM3t4vgmr/eg0dhzh9+z4lpEZz9ciWcOXwjmxec3OFanvMOeG\n4OhKRiGIj/mVkDEWlC3tcdP22DtGk/RHGOJHkf6qKFxeNDOFHUdTpiXldAl3cUg9\nBNAlUnWHFwim+byxxVYzmXs/8KfLfOp6xIFjI/eddNE7/avQWoEkOapgUDfaixWi\nI1d40QGKJr0d1Yo+W5VxzzufJp5iC/4EmlYzaK9+dVOtfQGfNWaXmfYa8H7krcrW\ncvp0ando4Reh3a+qpybvBVyRJree1WODQHqs7J2lx9quyVfI3Box3uc/Hw2xxdjx\nV3cUsvd5AgMBAAGjgbgwgbUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAQYwHQYDVR0OBBYEFDHWhC9JmG4AAdBnofieHLBvp6KsMB8GA1UdIwQYMBaAFDHW\nhC9JmG4AAdBnofieHLBvp6KsMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZXJ0\ncy5lbXJkaXJlY3QuY29tL0VNUkRpcmVjdFRlc3RDQS5jcmwwEQYDVR0gBAowCDAG\nBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4ICAQBsXbY8B7FcIskyeB/CGEI77GaDMDfK\nWGseJJYlJYz2FeIJgPtqdPhzn0jhQUVcwr//gC5j1aARlussG3gMr8OajpSpOqqf\nXEjzuITeq+Hxsp+ursiJXOZKhurY5NJKZ30ulFDxOZ97bWVUYPTfyy1qUrsqnNlW\n8LJcCnNzZ2uDSJn32FugUtWe0EEgRM10/8Q2IJXLuIhEQLbwl6q7PcDiPkT/yVh/\n9L6ul2bO/ZXp7DeSPeOafWOuCoTNbKxgBuljajm2VNB5+Xx/rSuPnoTRhsaXhke+\nnb3ZbGHJ2ZRu/Q45+OB1ws7VednMci25OVo+yVpH8tl2KF9u1JVNtf5mY3//HEwR\n8OfPPRZeQCqquESVrQjZILa6Ot7lVIhoNI6zkZAp3TaWYBi94upVkeA9uqVIC7cB\npiOz+6XXRDdJDMuh6xsA2tq2E5BY51H5pfskXBBGgHxDQ56R3RskZ7q/NaKSiqBA\nInueG7TVW+dR++rT2n9wkzJHKpA+YS0zHodvIoB71KNq1P/9choCMcBrNph5n32C\n8DpOlF+hi3kOkwjwchfkzC5XS+Zio5VYOyCV1C+CYJ7sw1psk1yYAWPm9rnUmfrm\nO27HXv6lW0Z9EpeUu++52CSYjZsx3E4J1FR0TulzsD8BQtFRL6aPfuSg85okOsxw\nb/p0AdITxRO0vQ==\n-----END CERTIFICATE-----",
|
|
47
|
+
"_title": "Auth Server Trust Anchor X509 Certificate(s) (PEM Format)",
|
|
48
|
+
"_description": "\n A list of one or more trust anchor root CA X.509 certificates, separated by a newline. Inferno will use\n these to establish\n trust with the authorization server's certificates provided in the discovery response signed_metadata JWT.\n ",
|
|
49
|
+
"_type": "textarea",
|
|
50
|
+
"_optional": true
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"name": "udap_auth_code_flow_registration_grant_type",
|
|
54
|
+
"value": "authorization_code",
|
|
55
|
+
"_title": "Client Registration Grant Type",
|
|
56
|
+
"_description": "\n The OAuth2.0 grant type for which this client will register itself. A given client may register as either\n option, but not both.\n ",
|
|
57
|
+
"_type": "radio",
|
|
58
|
+
"_options": {
|
|
59
|
+
"list_options": [
|
|
60
|
+
{
|
|
61
|
+
"label": "Authorization Code",
|
|
62
|
+
"value": "authorization_code"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"label": "Client Credentials",
|
|
66
|
+
"value": "client_credentials"
|
|
67
|
+
}
|
|
68
|
+
]
|
|
69
|
+
},
|
|
70
|
+
"_locked": true
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
"name": "udap_auth_code_flow_client_registration_status",
|
|
74
|
+
"value": "update",
|
|
75
|
+
"_title": "Client Registration Status",
|
|
76
|
+
"_description": "\n If the client's iss and certificate combination has already been registered with the authorization server\n prior to this test run, select 'Update'.\n ",
|
|
77
|
+
"_type": "radio",
|
|
78
|
+
"_options": {
|
|
79
|
+
"list_options": [
|
|
80
|
+
{
|
|
81
|
+
"label": "New Registration (201 Response Code Expected)",
|
|
82
|
+
"value": "new"
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"label": "Update Registration (200 or 201 Response Code Expected)",
|
|
86
|
+
"value": "update"
|
|
87
|
+
}
|
|
88
|
+
]
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
"name": "udap_auth_code_flow_client_cert_pem",
|
|
93
|
+
"value": "-----BEGIN CERTIFICATE-----\nMIIF7jCCA9agAwIBAgIRANwIl2YXy2fVCASfkpDCJvMwDQYJKoZIhvcNAQELBQAw\nfjELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh\nbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMRUwEwYDVQQLEwxJbnRlcm1lZGlhdGUx\nHjAcBgNVBAMTFVN1cmVGaGlyLUludGVybWVkaWF0ZTAeFw0yNTAyMDMyMDU3MDZa\nFw0yNzAyMDMyMDU3MDZaMH4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24x\nETAPBgNVBAcMCFBvcnRsYW5kMRQwEgYDVQQKDAtGaGlyIENvZGluZzENMAsGA1UE\nCwwEVURBUDEmMCQGA1UEAwwdaHR0cHM6Ly9pbmZlcm5vLmhlYWx0aGl0Lmdvdi8w\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDy2kOxArrYZ2XKajkDouih\naTHHhFEI9pMdlpDkp9sYXnZRiNoQwFQ08svjrYNNzJtDFE1HNxKLzv3Ubrg2Ty7E\nEQ26kKC0ChO6oobtkXxEFGT5ynVY9WPockHQClWD00F85Sr5+ftqUBP2rBiDHuWD\n0kNmTjqEnq5G0G4mYr85V1euY/9c3Apubz5BGy1J51AI0043vV/h4baIH2hyEl5R\nEvu5XwjvAgOv6qk0+xDCTBXKxUDeOZjBelxLHxpaCs1y7uiw4Ob/r57QvHgWyerv\nofuCqyBR5mz4aZSdmREkXh2amp9uqA5zEfxrfjkMz1D6wJ43jXANNdp8GgABIOvH\nAgMBAAGjggFlMIIBYTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNV\nHQ4EFgQUDbOUKAfjcENPuV+fTYDkz+TFA/AwHwYDVR0jBBgwFoAUffrWFW01n6A5\nGTggnyqUp2pxKZMwTQYDVR0fBEYwRDBCoECgPoY8aHR0cDovL2NybC5maGlyY2Vy\ndHMubmV0L2NybC9zdXJlZmhpcmxhYnNJbnRlcm1lZGlhdGVDcmwuY3JsMEoGA1Ud\nEQRDMEGGHWh0dHBzOi8vaW5mZXJuby5oZWFsdGhpdC5nb3YvhiBodHRwczovL2lu\nZmVybm8tcWEuaGVhbHRoaXQuZ292LzBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUH\nMAKGSmh0dHA6Ly9jcmwuZmhpcmNlcnRzLm5ldC9jZXJ0cy9pbnRlcm1lZGlhdGVz\nL1N1cmVGaGlyTGFic19JbnRlcm1lZGlhdGUuY2VyMA0GCSqGSIb3DQEBCwUAA4IC\nAQC4PtCfyOouoNmNBtT7sTyv5jMXtgv+kfu9ySepV9KbpOUceQEs9qbrCf3vmn4c\n4T4VGgXtoGHc2GmqdkWFmj37uqfjfR5dQ05SmYprvrI0he5Fe3f3FxzyBhEns69g\nIUay/hMWKLemati0MQ2HOZnY3SusF6qqCYTPYEWeV9sPNDNdgsIq47gPrZsnOlsQ\n6SyFmnmid4K8mJblxZBGpfpIfW6UaluId9WZeRhY39rhKXoxFc08alBfI6WEtTPG\nI6T+azyaVtDm+ypo18d94oLI7rmr/67xEwDFUNrJ2lotueI0Fr3IA2BHNw1BdrX/\nnXr/RRCENdsRnAJ+fhWYVjDCBdqmjF1b386lBWyJSuWlh6CbcEXFDxBN0LPzyWEj\nqIENKnWCWG8QoregV3K0gu1WiHhtNdaDdBAy79sbQ+5i86jMcyjJ0bC16kLz+jeo\nqDBx0oNdH4YVum/Uscyp/bwxznQ7eAg1oyCAeywlQ3eZKTB4Ki3rhfDDnuzDdh4X\nqS7H0/euzP7VIpTy/8QRrgTXCrFubRqZY0axoPDWG6ZrXtxAillVOoUVn6ucrvxf\nLE2BtQRVgNnw58QbP1bNZei5intokoy3V/3+1/En2/HlEv/HZloooUwkbuxkQE97\nb/b3yodmo1lF1qq+zfd6zzk9ERxC+2X9c2g2VCP5LcpJJQ==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGlDCCBHygAwIBAgIRAPAQo572a38pKrE1y3TWITIwDQYJKoZIhvcNAQELBQAw\nbDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh\nbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQD\nEwtTdXJlRmhpci1DQTAeFw0yNDAzMzEyMTIxNTdaFw0yOTA0MDEyMTIxNTdaMH4x\nCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5k\nMRQwEgYDVQQKEwtGaGlyIENvZGluZzEVMBMGA1UECxMMSW50ZXJtZWRpYXRlMR4w\nHAYDVQQDExVTdXJlRmhpci1JbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQDoUwSdndRTVIzHTG6C1EOktgQYq6ON91JpSDUX5mnPtSbn\nHU6v8G7qvFWzK6S6jquuflV21xv5wQMtT0P7jsUdZAZfFB5OnxjC6sGraBeemwZg\n0SPoq+0h0Mnk+R0pXmwmc57x+nGADoVVnBBflGPRMg8Lnh/+31S4LT+0fmzHxfTy\nXG8jRJGT/yyYFSAJP3lx+WRioi0TykHrap4cztnL68jA4RszfRdsrvjCEeSzli8E\n7p7aakyQLqsC4Q4HBwHsK7uYc8bAx9o7s1ydyLGZsYTxOu7GQEhkLdAZFeiuoptW\nSUcb/ykVq4X/d88zp3cvjj35tTzfvWKb5lyWnMe3pGHJRyLOKq/PDDvfjb07F9sT\nbUjEAXf28WWMlCKW76KMD4c/ZacWRcH6LFFVLL60B21vippvhh4Sim1j7Py/8VKC\n98n6sp2rZQtA90V9+UEewZphtrZiEhgg5wOotBE992qaveILColwscu+os2AOeE0\nkbcggShVdPW6j9ZFqkwM9ZX9d23w39p3grtjBkHfGgPftRVn6kY6cd1Xh+bmlH4z\nV3GLDjSk3eHDy2R22PSfIQXkr7e+jh9umHwgSxXFBEqIpHPsFS9o+H9VqMqv9IOs\nd2nD9A7NuEwR4hyw84RYV0uKNFWKnBxhlEeyCR3g24Bt01EpO9W2DSeE1qPzBQID\nAQABo4IBHTCCARkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYD\nVR0OBBYEFH361hVtNZ+gORk4IJ8qlKdqcSmTMB8GA1UdIwQYMBaAFOvJcuZBjV4H\nKquZj31t/Dd30UojMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwuZmhpcmNl\ncnRzLm5ldC9jcmwvU3VyZUZoaXJMYWJzUm9vdENybC5jcmwwHwYDVR0RBBgwFoYU\ndWRhcDovL2ZoaXJsYWJzLm5ldC8wTgYIKwYBBQUHAQEEQjBAMD4GCCsGAQUFBzAC\nhjJodHRwOi8vY3JsLmZoaXJjZXJ0cy5uZXQvY2VydHMvU3VyZUZoaXJMYWJzX0NB\nLmNlcjANBgkqhkiG9w0BAQsFAAOCAgEAfI95Qn1DpBU54DHz8ysUcgdi2XnHMe83\nghym9/0Ov5w8fZ1kr5GMjt9wWK0/qRv8gcWPwcZPyMgEiEq1rgQsi2LdmNmVmp2h\np8T1zqhRdJDjUSiOTWJZW+ULypHS7vhqHjAwQXxpznQYRDUqRQNr/PuscDbHJ+qm\nSMJHn186129V+C5sAjLthijIY1t+gNROsbc7EQ9wqXPa1jhS5hhntKzm7OKzlFKu\nmyWORXIpTBEqzyrK8ynMxgUnsZtV7PFqT4h4kfHZPi2ZgSukuBLNpLqgR9OLZ4od\n3VcoS83pZiq0WaY76iK+2Fqv0QtHuhLm5R/EWlRsbQ4DlYWR9MgjoE7rR5tWb6l5\nNvtPGwvTARRCYoFX0kjP/YwzldWHWdM1YZ73z7u7Fj7jCsNhUHYaGIRw25bxMxqr\nYUDsbtj3Ze+wjSDxiWxtgV5qrWz8BDjpFIDeE3VsJPHCw4Vy4ufqizrNd7ZcNBmp\ncMmx1ollvdxnQRVrlQAowK+ACjtcVEzcT8QBWRu0D3hjdbDeHmJwu/a+BmAaBKhS\n/1ieQ0eTN5pTrTndmOkICOMqYG4H14AvoR/NGkMOWcNwm0bfiFzRyunc2uZkyXvf\np8LT2aL9LWZNxREyjOqMCBGFcLXA+r02I+c550YwNtJkUTDqsDCMGyC5pB3dZdc2\ng+IojrfmcIE=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFyDCCA7CgAwIBAgIID4f+NanzOocwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE\nBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxFDASBgNV\nBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQDEwtTdXJlRmhp\nci1DQTAeFw0yNDAzMzEyMTIxNTVaFw0zNDA0MDEyMTIxNTVaMGwxCzAJBgNVBAYT\nAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRQwEgYDVQQK\nEwtGaGlyIENvZGluZzENMAsGA1UECxMEUm9vdDEUMBIGA1UEAxMLU3VyZUZoaXIt\nQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDD+/hwbP6Frzz3lGrm\n43nDZ8Irg+4zuIjbhKMUtEoBhUKdTVJa1DDPVgDoMoGLBhyePHepJtizY7CPnkNv\nNnCdU8vyIld1k3b+xigEH7oEhscBgyvaWMhyGNu318nFE8eWDhfEF9p31g4yHLZo\n4qqYyDgOlDOJqPNoU2llRnwx6x78ZrlQOMfdo95P6FKImp4t3OVjAGWIWQXmHx0l\n2nt1rShvA/KAIRzA6jpWcIBc9aWagkcoqiebSLpS8AYn1tytI0Abn+nL85BMH18B\n2glVHWBreRGcYDGStlKeIHapHzA3Kzz0QadwJjGQdtNqNIIwvk9RFNfaQRrkYw97\nf3gpTTQ6BHAm71qwBxlOWnyn5qaNuUBcSLAqUt+bXarEujYd5XGOFjtUjr+Uf04n\n968hC1v7Whk/tKDwvQFctyrvaNaHi6kcElUhAc9NzIK/cQkiYvfF8rHLePxzUOVx\nsRUkcxciNXN5iM6NZNRIQSuUmbLTfiYoFql0LOFyuxY0RDlRUdGodPuiylj3eFrh\nOoSX6cYanZmya33Ln90hEjQfNP4ISkco/0xIzTZ+56qKi3QRfziE5Ua0X0L51GiP\nlBrQZ4eiKW8rbTE42Ingg2r3GzMglU7PEeqNOdDeX8b9keevI0LXiXFKUA2ckwy1\nqJ38giw9BNGVeYauNFu4DvRrwQIDAQABo24wbDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEG\nCCsGAQUFBwMIMB0GA1UdDgQWBBTryXLmQY1eByqrmY99bfw3d9FKIzANBgkqhkiG\n9w0BAQsFAAOCAgEAsgMzB5Q3k18urq1ztcF2/8hDAJZ7JeI7qRKYujkfwm8skkLN\n4IYQl4bT5MBD4EehQBQYD2BqqmOdXxDiCdWyvNKfberIXZpufEK2vrlz3U3nE05S\nMoVtaNievQpH5XVvmF46AKJUVVx6zHntWBv1gTvyBk/i8pcMdH7/x2d1DFYsjmam\n4VCbjEeLyyocYju+wXwEu5r1HC9lqSUSdJX5oUSuxDdHBf7MQlFUUi5hNpm7qa2a\nJ36fTgOi5C24gR11qO5PV69drlNgr0iPC3hEEICI33YzHMVG9EfuST2nUZsYIdYr\ndr596osBMIRkCgQfyR2AfkoMAW/ea6x7nzqWphfTCGij0XboYYR/prm6odXBbhQD\nEn1cTlXceyyyhPV7QhR8gD284PyQQ9MiTp9Z1S4TWWItH1p251G9BaLgvnL1zMp3\nx2j3GH3auMJzirpsHS0Z8ph7gg0mI5Tf8yBHZ4t3CM0gmcuhjcSUxT0myOa04+Fp\nnNWkPc8Sms/3vL/rOcxOd+WJXD6VnpgjAvYKqjDHls27wG3wTu06aU9CEP+MxCQo\nvUAZ8rab6UBwCyqcuP2BMqYQUVzhLyxXicQqbxzc8bFep0Z988UjTkqYhTujZ7Ha\nH+y31f+V92LrJJAAO2hpOh5Xqqz34AMVDi87+zD4Z0+b7rFVfTOPOBZQRKU=\n-----END CERTIFICATE-----",
|
|
94
|
+
"_title": "Authorization Code Client Certificate(s) (PEM Format)",
|
|
95
|
+
"_description": "\n A list of one or more X.509 certificates in PEM format separated by a newline. The first (leaf) certificate\n MUST represent the client entity Inferno will register as,\n and the trust chain that will be built from the provided certificate(s) must resolve to a CA trusted by the\n authorization server under test.\n ",
|
|
96
|
+
"_type": "textarea",
|
|
97
|
+
"_optional": false
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"name": "udap_auth_code_flow_client_private_key",
|
|
101
|
+
"value": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDy2kOxArrYZ2XK\najkDouihaTHHhFEI9pMdlpDkp9sYXnZRiNoQwFQ08svjrYNNzJtDFE1HNxKLzv3U\nbrg2Ty7EEQ26kKC0ChO6oobtkXxEFGT5ynVY9WPockHQClWD00F85Sr5+ftqUBP2\nrBiDHuWD0kNmTjqEnq5G0G4mYr85V1euY/9c3Apubz5BGy1J51AI0043vV/h4baI\nH2hyEl5REvu5XwjvAgOv6qk0+xDCTBXKxUDeOZjBelxLHxpaCs1y7uiw4Ob/r57Q\nvHgWyervofuCqyBR5mz4aZSdmREkXh2amp9uqA5zEfxrfjkMz1D6wJ43jXANNdp8\nGgABIOvHAgMBAAECggEARNiRhhXjCERPvBFe9mPxlQiwXwJowqS8UhAEJX5cg00M\nN9MXFtafSJ9oI7Rl2+FcRqjzu3OmY1Ib7WQx/tt1w4meHbywgjm1HBzFKYYr91Tc\nx1+Y4s42M4holeTIF2YFU7XX+CPhHWN0NWLWVB2nLTanetJEjqI5f8PI5kLqOQO3\nbApR7DRGjQAKTM3ozC9ycwVUlQcOagG5VeO0pvExmj3LP1MZ/smrgnEZe+BlqRIe\nnmFfO8XR4r+G2Y8g6z6SC/C8CCHlLrBtzqRp655cKgwnYatDMIViVTngqSx+XmIa\n5a6j0RRE9H30h4E2qbxggjInArd8Qxg+XyebKWD2UQKBgQD7hjyNvvcXEXDCZGJD\nrOx0IsAwFxw98MPnaUjUJWoXXqAgKe5goAgKIyGxvdvJkx8axlORtf1dndBLd4v+\n51upncgNN0lw7XtZeYyKkLzoMQvKHuTZKxSrxWnd5r+/VxioOfxMf1PQav8oTUgF\nf8BDkdmWwZzT+6/bwP5f9cA9TwKBgQD3LIaMBh2uoTu6M1WOxFfYPagyuN1hzoBv\nNc6mHtuqULEJGSgGIZfSqgB7t2qn0t+L/jrZX8AIJjGoF1OGOuZnTSRuvymt+m1P\nH2gjbTeaxr1OO0v2tnws4zAieqV2MaGKKLkzLZvkgz7Ihga3dUMNCysp11KwV9gu\nKp8kL2v8CQKBgQCSnI+FbC/pQWBB33Or0QtPMsZmAcKTlFkM9cDe8CQkFSMvPGHX\n7tBg4FOOoIWRvPEfkUU7JSLXw9qbcsamwcMbXn4yvexQKA2DfSdfybhje9tMaK+q\nqsL00TDBiPRyGtmjjZE0IfAAB65NlqaJlgrDGCwGBTteEVJTvO5Jjx0MXwKBgQCb\nkkHJJhxOiprOMns6Vag4qW4RJrvoUJIT7Rj5A9kclJco89V2LnShmnCdba9Km/Yp\n5cTihlqWhnugobXneXEFOc+hiN5R65obP9hK2/Ywi8Ag2j+QtADqO8BTI0C7aLeU\n/ta6OI2zQUwl5/2YQM0IC6yKNEWOSmv9esQZgWOFCQKBgG0KqReVpgyWsru2echQ\nj3UGbgftBQtEssSr5Zd7ZymrIUa0na2X4c3qmAEjD5aT1RrU0xvOvOz0Ib3RS77U\nEkDFFGHsOMdo21gx+L14dJtevBtiOs4+ka18YvLxBv7L+EtJjs96rb+2vTC+hPOn\nPt+YtETr5wLxaKTolgnN3Xok\n-----END PRIVATE KEY-----",
|
|
102
|
+
"_title": "Authorization Code Client Private Key (PEM Format)",
|
|
103
|
+
"_description": "\n The private key corresponding to the client certificate used for registration, in PEM format. Used to sign\n registration and/or authentication JWTs.\n ",
|
|
104
|
+
"_type": "textarea",
|
|
105
|
+
"_optional": false
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
"name": "udap_auth_code_flow_cert_iss",
|
|
109
|
+
"value": "https://inferno.healthit.gov/",
|
|
110
|
+
"_title": "Authorization Code JWT Issuer (iss) Claim",
|
|
111
|
+
"_description": "\n MUST correspond to a unique URI entry in the Subject Alternative Name (SAN) extension of the client\n certificate used for registration.\n ",
|
|
112
|
+
"_type": "text",
|
|
113
|
+
"_optional": false
|
|
114
|
+
},
|
|
115
|
+
{
|
|
116
|
+
"name": "udap_auth_code_flow_registration_scope",
|
|
117
|
+
"value": "patient/*.r",
|
|
118
|
+
"_title": "Authorization Code Registration Requested Scope(s)",
|
|
119
|
+
"_description": "\n String containing a space delimited list of scopes requested by the client application for use in\n subsequent requests. The Authorization Server MAY consider this list when deciding the scopes that it\n will allow the application to subsequently request. Apps requesting the \"authorization_code\" grant\n type SHOULD request user or patient scopes.\n ",
|
|
120
|
+
"_type": "text"
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
"name": "udap_jwt_signing_alg",
|
|
124
|
+
"value": "RS256",
|
|
125
|
+
"_title": "JWT Signing Algorithm",
|
|
126
|
+
"_description": "\n Algorithm used to sign UDAP JSON Web Tokens (JWTs). UDAP Implementations SHALL support\n RS256.\n ",
|
|
127
|
+
"_type": "radio",
|
|
128
|
+
"_options": {
|
|
129
|
+
"list_options": [
|
|
130
|
+
{
|
|
131
|
+
"label": "RS256",
|
|
132
|
+
"value": "RS256"
|
|
133
|
+
}
|
|
134
|
+
]
|
|
135
|
+
},
|
|
136
|
+
"_locked": true
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"name": "udap_auth_code_flow_registration_certifications",
|
|
140
|
+
"value": null,
|
|
141
|
+
"_title": "Authorization Code UDAP Registration Certifications",
|
|
142
|
+
"_description": "\n Additional UDAP certifications to include in registration request, if required by the authorization server.\n Include a space separated list of strings representing a Base64-encoded, signed JWT.\n ",
|
|
143
|
+
"_type": "textarea",
|
|
144
|
+
"_optional": true
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"name": "udap_authorization_code_request_scopes",
|
|
148
|
+
"value": "patient/AllergyIntolerance.r patient/Condition.r",
|
|
149
|
+
"_title": "Scope Parameter for Authorization Request",
|
|
150
|
+
"_description": "\n A list of space-separated scopes to include in the authorization request. If included, these may be equal\n to or a subset of the scopes requested during registration.\n If empty, scope will be omitted as a parameter to the authorization endpoint.\n ",
|
|
151
|
+
"_type": "text",
|
|
152
|
+
"_optional": true
|
|
153
|
+
},
|
|
154
|
+
{
|
|
155
|
+
"name": "udap_authorization_code_request_aud",
|
|
156
|
+
"value": ["include_aud"],
|
|
157
|
+
"_title": "Audience ('aud') Parameter for Authorization Request",
|
|
158
|
+
"_description": "\n If selected, the Base FHIR URL will be used as the 'aud' parameter in the request to the authorization\n endpoint.\n ",
|
|
159
|
+
"_type": "checkbox",
|
|
160
|
+
"_optional": true,
|
|
161
|
+
"_options": {
|
|
162
|
+
"list_options": [
|
|
163
|
+
{
|
|
164
|
+
"label": "Include 'aud' parameter",
|
|
165
|
+
"value": "include_aud"
|
|
166
|
+
}
|
|
167
|
+
]
|
|
168
|
+
}
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
"name": "flow_type_client_creds",
|
|
172
|
+
"value": [
|
|
173
|
+
"client_credentials"
|
|
174
|
+
],
|
|
175
|
+
"_title": "Required OAuth2.0 Flow Type for Client Credentials Workflow",
|
|
176
|
+
"_description": "Which grant type(s) must be supported per the returned Discovery metadata",
|
|
177
|
+
"_type": "checkbox",
|
|
178
|
+
"_optional": "false",
|
|
179
|
+
"_options": {
|
|
180
|
+
"list_options": [
|
|
181
|
+
{
|
|
182
|
+
"label": "Authorization Code",
|
|
183
|
+
"value": "authorization_code"
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
"label": "Client Credentials",
|
|
187
|
+
"value": "client_credentials"
|
|
188
|
+
}
|
|
189
|
+
]
|
|
190
|
+
},
|
|
191
|
+
"_locked": true
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
"name": "udap_client_credentials_flow_registration_grant_type",
|
|
195
|
+
"value": "client_credentials",
|
|
196
|
+
"_title": "Client Registration Grant Type",
|
|
197
|
+
"_description": "\n The OAuth2.0 grant type for which this client will register itself. A given client may register as either\n option, but not both.\n ",
|
|
198
|
+
"_type": "radio",
|
|
199
|
+
"_options": {
|
|
200
|
+
"list_options": [
|
|
201
|
+
{
|
|
202
|
+
"label": "Authorization Code",
|
|
203
|
+
"value": "authorization_code"
|
|
204
|
+
},
|
|
205
|
+
{
|
|
206
|
+
"label": "Client Credentials",
|
|
207
|
+
"value": "client_credentials"
|
|
208
|
+
}
|
|
209
|
+
]
|
|
210
|
+
},
|
|
211
|
+
"_locked": true
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
"name": "udap_client_credentials_flow_client_registration_status",
|
|
215
|
+
"value": "update",
|
|
216
|
+
"_title": "Client Registration Status",
|
|
217
|
+
"_description": "\n If the client's iss and certificate combination has already been registered with the authorization server\n prior to this test run, select 'Update'.\n ",
|
|
218
|
+
"_type": "radio",
|
|
219
|
+
"_options": {
|
|
220
|
+
"list_options": [
|
|
221
|
+
{
|
|
222
|
+
"label": "New Registration (201 Response Code Expected)",
|
|
223
|
+
"value": "new"
|
|
224
|
+
},
|
|
225
|
+
{
|
|
226
|
+
"label": "Update Registration (200 or 201 Response Code Expected)",
|
|
227
|
+
"value": "update"
|
|
228
|
+
}
|
|
229
|
+
]
|
|
230
|
+
}
|
|
231
|
+
},
|
|
232
|
+
{
|
|
233
|
+
"name": "udap_client_credentials_flow_client_cert_pem",
|
|
234
|
+
"value": "-----BEGIN CERTIFICATE-----\nMIIF7jCCA9agAwIBAgIRANwIl2YXy2fVCASfkpDCJvMwDQYJKoZIhvcNAQELBQAw\nfjELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh\nbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMRUwEwYDVQQLEwxJbnRlcm1lZGlhdGUx\nHjAcBgNVBAMTFVN1cmVGaGlyLUludGVybWVkaWF0ZTAeFw0yNTAyMDMyMDU3MDZa\nFw0yNzAyMDMyMDU3MDZaMH4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24x\nETAPBgNVBAcMCFBvcnRsYW5kMRQwEgYDVQQKDAtGaGlyIENvZGluZzENMAsGA1UE\nCwwEVURBUDEmMCQGA1UEAwwdaHR0cHM6Ly9pbmZlcm5vLmhlYWx0aGl0Lmdvdi8w\nggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDy2kOxArrYZ2XKajkDouih\naTHHhFEI9pMdlpDkp9sYXnZRiNoQwFQ08svjrYNNzJtDFE1HNxKLzv3Ubrg2Ty7E\nEQ26kKC0ChO6oobtkXxEFGT5ynVY9WPockHQClWD00F85Sr5+ftqUBP2rBiDHuWD\n0kNmTjqEnq5G0G4mYr85V1euY/9c3Apubz5BGy1J51AI0043vV/h4baIH2hyEl5R\nEvu5XwjvAgOv6qk0+xDCTBXKxUDeOZjBelxLHxpaCs1y7uiw4Ob/r57QvHgWyerv\nofuCqyBR5mz4aZSdmREkXh2amp9uqA5zEfxrfjkMz1D6wJ43jXANNdp8GgABIOvH\nAgMBAAGjggFlMIIBYTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNV\nHQ4EFgQUDbOUKAfjcENPuV+fTYDkz+TFA/AwHwYDVR0jBBgwFoAUffrWFW01n6A5\nGTggnyqUp2pxKZMwTQYDVR0fBEYwRDBCoECgPoY8aHR0cDovL2NybC5maGlyY2Vy\ndHMubmV0L2NybC9zdXJlZmhpcmxhYnNJbnRlcm1lZGlhdGVDcmwuY3JsMEoGA1Ud\nEQRDMEGGHWh0dHBzOi8vaW5mZXJuby5oZWFsdGhpdC5nb3YvhiBodHRwczovL2lu\nZmVybm8tcWEuaGVhbHRoaXQuZ292LzBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUH\nMAKGSmh0dHA6Ly9jcmwuZmhpcmNlcnRzLm5ldC9jZXJ0cy9pbnRlcm1lZGlhdGVz\nL1N1cmVGaGlyTGFic19JbnRlcm1lZGlhdGUuY2VyMA0GCSqGSIb3DQEBCwUAA4IC\nAQC4PtCfyOouoNmNBtT7sTyv5jMXtgv+kfu9ySepV9KbpOUceQEs9qbrCf3vmn4c\n4T4VGgXtoGHc2GmqdkWFmj37uqfjfR5dQ05SmYprvrI0he5Fe3f3FxzyBhEns69g\nIUay/hMWKLemati0MQ2HOZnY3SusF6qqCYTPYEWeV9sPNDNdgsIq47gPrZsnOlsQ\n6SyFmnmid4K8mJblxZBGpfpIfW6UaluId9WZeRhY39rhKXoxFc08alBfI6WEtTPG\nI6T+azyaVtDm+ypo18d94oLI7rmr/67xEwDFUNrJ2lotueI0Fr3IA2BHNw1BdrX/\nnXr/RRCENdsRnAJ+fhWYVjDCBdqmjF1b386lBWyJSuWlh6CbcEXFDxBN0LPzyWEj\nqIENKnWCWG8QoregV3K0gu1WiHhtNdaDdBAy79sbQ+5i86jMcyjJ0bC16kLz+jeo\nqDBx0oNdH4YVum/Uscyp/bwxznQ7eAg1oyCAeywlQ3eZKTB4Ki3rhfDDnuzDdh4X\nqS7H0/euzP7VIpTy/8QRrgTXCrFubRqZY0axoPDWG6ZrXtxAillVOoUVn6ucrvxf\nLE2BtQRVgNnw58QbP1bNZei5intokoy3V/3+1/En2/HlEv/HZloooUwkbuxkQE97\nb/b3yodmo1lF1qq+zfd6zzk9ERxC+2X9c2g2VCP5LcpJJQ==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGlDCCBHygAwIBAgIRAPAQo572a38pKrE1y3TWITIwDQYJKoZIhvcNAQELBQAw\nbDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh\nbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQD\nEwtTdXJlRmhpci1DQTAeFw0yNDAzMzEyMTIxNTdaFw0yOTA0MDEyMTIxNTdaMH4x\nCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5k\nMRQwEgYDVQQKEwtGaGlyIENvZGluZzEVMBMGA1UECxMMSW50ZXJtZWRpYXRlMR4w\nHAYDVQQDExVTdXJlRmhpci1JbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQDoUwSdndRTVIzHTG6C1EOktgQYq6ON91JpSDUX5mnPtSbn\nHU6v8G7qvFWzK6S6jquuflV21xv5wQMtT0P7jsUdZAZfFB5OnxjC6sGraBeemwZg\n0SPoq+0h0Mnk+R0pXmwmc57x+nGADoVVnBBflGPRMg8Lnh/+31S4LT+0fmzHxfTy\nXG8jRJGT/yyYFSAJP3lx+WRioi0TykHrap4cztnL68jA4RszfRdsrvjCEeSzli8E\n7p7aakyQLqsC4Q4HBwHsK7uYc8bAx9o7s1ydyLGZsYTxOu7GQEhkLdAZFeiuoptW\nSUcb/ykVq4X/d88zp3cvjj35tTzfvWKb5lyWnMe3pGHJRyLOKq/PDDvfjb07F9sT\nbUjEAXf28WWMlCKW76KMD4c/ZacWRcH6LFFVLL60B21vippvhh4Sim1j7Py/8VKC\n98n6sp2rZQtA90V9+UEewZphtrZiEhgg5wOotBE992qaveILColwscu+os2AOeE0\nkbcggShVdPW6j9ZFqkwM9ZX9d23w39p3grtjBkHfGgPftRVn6kY6cd1Xh+bmlH4z\nV3GLDjSk3eHDy2R22PSfIQXkr7e+jh9umHwgSxXFBEqIpHPsFS9o+H9VqMqv9IOs\nd2nD9A7NuEwR4hyw84RYV0uKNFWKnBxhlEeyCR3g24Bt01EpO9W2DSeE1qPzBQID\nAQABo4IBHTCCARkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYD\nVR0OBBYEFH361hVtNZ+gORk4IJ8qlKdqcSmTMB8GA1UdIwQYMBaAFOvJcuZBjV4H\nKquZj31t/Dd30UojMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwuZmhpcmNl\ncnRzLm5ldC9jcmwvU3VyZUZoaXJMYWJzUm9vdENybC5jcmwwHwYDVR0RBBgwFoYU\ndWRhcDovL2ZoaXJsYWJzLm5ldC8wTgYIKwYBBQUHAQEEQjBAMD4GCCsGAQUFBzAC\nhjJodHRwOi8vY3JsLmZoaXJjZXJ0cy5uZXQvY2VydHMvU3VyZUZoaXJMYWJzX0NB\nLmNlcjANBgkqhkiG9w0BAQsFAAOCAgEAfI95Qn1DpBU54DHz8ysUcgdi2XnHMe83\nghym9/0Ov5w8fZ1kr5GMjt9wWK0/qRv8gcWPwcZPyMgEiEq1rgQsi2LdmNmVmp2h\np8T1zqhRdJDjUSiOTWJZW+ULypHS7vhqHjAwQXxpznQYRDUqRQNr/PuscDbHJ+qm\nSMJHn186129V+C5sAjLthijIY1t+gNROsbc7EQ9wqXPa1jhS5hhntKzm7OKzlFKu\nmyWORXIpTBEqzyrK8ynMxgUnsZtV7PFqT4h4kfHZPi2ZgSukuBLNpLqgR9OLZ4od\n3VcoS83pZiq0WaY76iK+2Fqv0QtHuhLm5R/EWlRsbQ4DlYWR9MgjoE7rR5tWb6l5\nNvtPGwvTARRCYoFX0kjP/YwzldWHWdM1YZ73z7u7Fj7jCsNhUHYaGIRw25bxMxqr\nYUDsbtj3Ze+wjSDxiWxtgV5qrWz8BDjpFIDeE3VsJPHCw4Vy4ufqizrNd7ZcNBmp\ncMmx1ollvdxnQRVrlQAowK+ACjtcVEzcT8QBWRu0D3hjdbDeHmJwu/a+BmAaBKhS\n/1ieQ0eTN5pTrTndmOkICOMqYG4H14AvoR/NGkMOWcNwm0bfiFzRyunc2uZkyXvf\np8LT2aL9LWZNxREyjOqMCBGFcLXA+r02I+c550YwNtJkUTDqsDCMGyC5pB3dZdc2\ng+IojrfmcIE=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFyDCCA7CgAwIBAgIID4f+NanzOocwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE\nBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxFDASBgNV\nBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQDEwtTdXJlRmhp\nci1DQTAeFw0yNDAzMzEyMTIxNTVaFw0zNDA0MDEyMTIxNTVaMGwxCzAJBgNVBAYT\nAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRQwEgYDVQQK\nEwtGaGlyIENvZGluZzENMAsGA1UECxMEUm9vdDEUMBIGA1UEAxMLU3VyZUZoaXIt\nQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDD+/hwbP6Frzz3lGrm\n43nDZ8Irg+4zuIjbhKMUtEoBhUKdTVJa1DDPVgDoMoGLBhyePHepJtizY7CPnkNv\nNnCdU8vyIld1k3b+xigEH7oEhscBgyvaWMhyGNu318nFE8eWDhfEF9p31g4yHLZo\n4qqYyDgOlDOJqPNoU2llRnwx6x78ZrlQOMfdo95P6FKImp4t3OVjAGWIWQXmHx0l\n2nt1rShvA/KAIRzA6jpWcIBc9aWagkcoqiebSLpS8AYn1tytI0Abn+nL85BMH18B\n2glVHWBreRGcYDGStlKeIHapHzA3Kzz0QadwJjGQdtNqNIIwvk9RFNfaQRrkYw97\nf3gpTTQ6BHAm71qwBxlOWnyn5qaNuUBcSLAqUt+bXarEujYd5XGOFjtUjr+Uf04n\n968hC1v7Whk/tKDwvQFctyrvaNaHi6kcElUhAc9NzIK/cQkiYvfF8rHLePxzUOVx\nsRUkcxciNXN5iM6NZNRIQSuUmbLTfiYoFql0LOFyuxY0RDlRUdGodPuiylj3eFrh\nOoSX6cYanZmya33Ln90hEjQfNP4ISkco/0xIzTZ+56qKi3QRfziE5Ua0X0L51GiP\nlBrQZ4eiKW8rbTE42Ingg2r3GzMglU7PEeqNOdDeX8b9keevI0LXiXFKUA2ckwy1\nqJ38giw9BNGVeYauNFu4DvRrwQIDAQABo24wbDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEG\nCCsGAQUFBwMIMB0GA1UdDgQWBBTryXLmQY1eByqrmY99bfw3d9FKIzANBgkqhkiG\n9w0BAQsFAAOCAgEAsgMzB5Q3k18urq1ztcF2/8hDAJZ7JeI7qRKYujkfwm8skkLN\n4IYQl4bT5MBD4EehQBQYD2BqqmOdXxDiCdWyvNKfberIXZpufEK2vrlz3U3nE05S\nMoVtaNievQpH5XVvmF46AKJUVVx6zHntWBv1gTvyBk/i8pcMdH7/x2d1DFYsjmam\n4VCbjEeLyyocYju+wXwEu5r1HC9lqSUSdJX5oUSuxDdHBf7MQlFUUi5hNpm7qa2a\nJ36fTgOi5C24gR11qO5PV69drlNgr0iPC3hEEICI33YzHMVG9EfuST2nUZsYIdYr\ndr596osBMIRkCgQfyR2AfkoMAW/ea6x7nzqWphfTCGij0XboYYR/prm6odXBbhQD\nEn1cTlXceyyyhPV7QhR8gD284PyQQ9MiTp9Z1S4TWWItH1p251G9BaLgvnL1zMp3\nx2j3GH3auMJzirpsHS0Z8ph7gg0mI5Tf8yBHZ4t3CM0gmcuhjcSUxT0myOa04+Fp\nnNWkPc8Sms/3vL/rOcxOd+WJXD6VnpgjAvYKqjDHls27wG3wTu06aU9CEP+MxCQo\nvUAZ8rab6UBwCyqcuP2BMqYQUVzhLyxXicQqbxzc8bFep0Z988UjTkqYhTujZ7Ha\nH+y31f+V92LrJJAAO2hpOh5Xqqz34AMVDi87+zD4Z0+b7rFVfTOPOBZQRKU=\n-----END CERTIFICATE-----",
|
|
235
|
+
"_title": "Client Credentials Client Certificate(s) (PEM Format)",
|
|
236
|
+
"_description": "\n A list of one or more X.509 certificates in PEM format separated by a newline. The first (leaf) certificate\n MUST represent the client entity Inferno will register as,\n and the trust chain that will be built from the provided certificate(s) must resolve to a CA trusted by the\n authorization server under test.\n ",
|
|
237
|
+
"_type": "textarea",
|
|
238
|
+
"_optional": false
|
|
239
|
+
},
|
|
240
|
+
{
|
|
241
|
+
"name": "udap_client_credentials_flow_client_private_key",
|
|
242
|
+
"value": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDy2kOxArrYZ2XK\najkDouihaTHHhFEI9pMdlpDkp9sYXnZRiNoQwFQ08svjrYNNzJtDFE1HNxKLzv3U\nbrg2Ty7EEQ26kKC0ChO6oobtkXxEFGT5ynVY9WPockHQClWD00F85Sr5+ftqUBP2\nrBiDHuWD0kNmTjqEnq5G0G4mYr85V1euY/9c3Apubz5BGy1J51AI0043vV/h4baI\nH2hyEl5REvu5XwjvAgOv6qk0+xDCTBXKxUDeOZjBelxLHxpaCs1y7uiw4Ob/r57Q\nvHgWyervofuCqyBR5mz4aZSdmREkXh2amp9uqA5zEfxrfjkMz1D6wJ43jXANNdp8\nGgABIOvHAgMBAAECggEARNiRhhXjCERPvBFe9mPxlQiwXwJowqS8UhAEJX5cg00M\nN9MXFtafSJ9oI7Rl2+FcRqjzu3OmY1Ib7WQx/tt1w4meHbywgjm1HBzFKYYr91Tc\nx1+Y4s42M4holeTIF2YFU7XX+CPhHWN0NWLWVB2nLTanetJEjqI5f8PI5kLqOQO3\nbApR7DRGjQAKTM3ozC9ycwVUlQcOagG5VeO0pvExmj3LP1MZ/smrgnEZe+BlqRIe\nnmFfO8XR4r+G2Y8g6z6SC/C8CCHlLrBtzqRp655cKgwnYatDMIViVTngqSx+XmIa\n5a6j0RRE9H30h4E2qbxggjInArd8Qxg+XyebKWD2UQKBgQD7hjyNvvcXEXDCZGJD\nrOx0IsAwFxw98MPnaUjUJWoXXqAgKe5goAgKIyGxvdvJkx8axlORtf1dndBLd4v+\n51upncgNN0lw7XtZeYyKkLzoMQvKHuTZKxSrxWnd5r+/VxioOfxMf1PQav8oTUgF\nf8BDkdmWwZzT+6/bwP5f9cA9TwKBgQD3LIaMBh2uoTu6M1WOxFfYPagyuN1hzoBv\nNc6mHtuqULEJGSgGIZfSqgB7t2qn0t+L/jrZX8AIJjGoF1OGOuZnTSRuvymt+m1P\nH2gjbTeaxr1OO0v2tnws4zAieqV2MaGKKLkzLZvkgz7Ihga3dUMNCysp11KwV9gu\nKp8kL2v8CQKBgQCSnI+FbC/pQWBB33Or0QtPMsZmAcKTlFkM9cDe8CQkFSMvPGHX\n7tBg4FOOoIWRvPEfkUU7JSLXw9qbcsamwcMbXn4yvexQKA2DfSdfybhje9tMaK+q\nqsL00TDBiPRyGtmjjZE0IfAAB65NlqaJlgrDGCwGBTteEVJTvO5Jjx0MXwKBgQCb\nkkHJJhxOiprOMns6Vag4qW4RJrvoUJIT7Rj5A9kclJco89V2LnShmnCdba9Km/Yp\n5cTihlqWhnugobXneXEFOc+hiN5R65obP9hK2/Ywi8Ag2j+QtADqO8BTI0C7aLeU\n/ta6OI2zQUwl5/2YQM0IC6yKNEWOSmv9esQZgWOFCQKBgG0KqReVpgyWsru2echQ\nj3UGbgftBQtEssSr5Zd7ZymrIUa0na2X4c3qmAEjD5aT1RrU0xvOvOz0Ib3RS77U\nEkDFFGHsOMdo21gx+L14dJtevBtiOs4+ka18YvLxBv7L+EtJjs96rb+2vTC+hPOn\nPt+YtETr5wLxaKTolgnN3Xok\n-----END PRIVATE KEY-----",
|
|
243
|
+
"_title": "Client Credentials Client Private Key (PEM Format)",
|
|
244
|
+
"_description": "\n The private key corresponding to the client certificate used for registration, in PEM format. Used to sign\n registration and/or authentication JWTs.\n ",
|
|
245
|
+
"_type": "textarea",
|
|
246
|
+
"_optional": false
|
|
247
|
+
},
|
|
248
|
+
{
|
|
249
|
+
"name": "udap_cert_iss_client_creds_flow",
|
|
250
|
+
"value": "https://inferno-qa.healthit.gov/",
|
|
251
|
+
"_title": "Client Credentials JWT Issuer (iss) Claim",
|
|
252
|
+
"_description": "\n MUST correspond to a unique URI entry in the Subject Alternative Name (SAN) extension of the client\n certificate used for registration.\n ",
|
|
253
|
+
"_type": "text",
|
|
254
|
+
"_optional": false
|
|
255
|
+
},
|
|
256
|
+
{
|
|
257
|
+
"name": "udap_client_credentials_flow_registration_scope",
|
|
258
|
+
"value": "system/*.r",
|
|
259
|
+
"_title": "Client Credentials Registration Requested Scope(s)",
|
|
260
|
+
"_description": "\n String containing a space delimited list of scopes requested by the client application for use in\n subsequent requests. The Authorization Server MAY consider this list when deciding the scopes that it\n will allow the application to subsequently request. Apps requesting the \"client_credentials\" grant\n type SHOULD request system scopes.\n ",
|
|
261
|
+
"_type": "text"
|
|
262
|
+
},
|
|
263
|
+
{
|
|
264
|
+
"name": "udap_client_creds_flow_registration_certifications",
|
|
265
|
+
"value": null,
|
|
266
|
+
"_title": "Client Credentials UDAP Registration Certifications",
|
|
267
|
+
"_description": "\n Additional UDAP certifications to include in registration request, if required by the authorization server.\n Include a space separated list of strings representing a Base64-encoded, signed JWT.\n ",
|
|
268
|
+
"_type": "textarea",
|
|
269
|
+
"_optional": true
|
|
270
|
+
}
|
|
271
|
+
]
|
|
272
|
+
}
|
|
@@ -14,45 +14,40 @@ module UDAPSecurityTestKit
|
|
|
14
14
|
)
|
|
15
15
|
id :udap_authorization_code_authentication_group
|
|
16
16
|
|
|
17
|
+
config(
|
|
18
|
+
requests: {
|
|
19
|
+
token_exchange: {
|
|
20
|
+
name: :udap_auth_code_flow_token_exchange
|
|
21
|
+
}
|
|
22
|
+
},
|
|
23
|
+
inputs: {
|
|
24
|
+
udap_client_id: {
|
|
25
|
+
name: :udap_authorization_code_flow_client_id
|
|
26
|
+
},
|
|
27
|
+
token_response_body: {
|
|
28
|
+
name: :udap_auth_code_flow_token_exchange_response_body
|
|
29
|
+
}
|
|
30
|
+
},
|
|
31
|
+
outputs: {
|
|
32
|
+
udap_access_token: {
|
|
33
|
+
name: :udap_auth_code_flow_access_token
|
|
34
|
+
},
|
|
35
|
+
udap_expires_in: {
|
|
36
|
+
name: :udap_auth_code_flow_expires_in
|
|
37
|
+
},
|
|
38
|
+
udap_received_scopes: {
|
|
39
|
+
name: :udap_auth_code_flow_received_scopes
|
|
40
|
+
},
|
|
41
|
+
udap_refresh_token: {
|
|
42
|
+
name: :udap_auth_code_flow_refresh_token
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
)
|
|
46
|
+
|
|
17
47
|
test from: :udap_authorization_code_redirect
|
|
18
48
|
test from: :udap_authorization_code_received
|
|
19
|
-
test from: :udap_authorization_code_token_exchange
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
token_exchange: {
|
|
23
|
-
name: :udap_auth_code_flow_token_exchange
|
|
24
|
-
}
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
test from: :udap_token_exchange_response_body,
|
|
28
|
-
config: {
|
|
29
|
-
inputs: {
|
|
30
|
-
token_response_body: {
|
|
31
|
-
name: :udap_auth_code_flow_token_exchange_response_body
|
|
32
|
-
}
|
|
33
|
-
},
|
|
34
|
-
outputs: {
|
|
35
|
-
udap_access_token: {
|
|
36
|
-
name: :udap_auth_code_flow_access_token
|
|
37
|
-
},
|
|
38
|
-
udap_expires_in: {
|
|
39
|
-
name: :udap_auth_code_flow_expires_in
|
|
40
|
-
},
|
|
41
|
-
udap_received_scopes: {
|
|
42
|
-
name: :udap_auth_code_flow_received_scopes
|
|
43
|
-
},
|
|
44
|
-
udap_refresh_token: {
|
|
45
|
-
name: :udap_auth_code_flow_refresh_token
|
|
46
|
-
}
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
test from: :udap_token_exchange_response_headers,
|
|
50
|
-
config: {
|
|
51
|
-
requests: {
|
|
52
|
-
token_exchange: {
|
|
53
|
-
name: :udap_auth_code_flow_token_exchange
|
|
54
|
-
}
|
|
55
|
-
}
|
|
56
|
-
}
|
|
49
|
+
test from: :udap_authorization_code_token_exchange
|
|
50
|
+
test from: :udap_token_exchange_response_body
|
|
51
|
+
test from: :udap_token_exchange_response_headers
|
|
57
52
|
end
|
|
58
53
|
end
|
|
@@ -80,14 +80,8 @@ module UDAPSecurityTestKit
|
|
|
80
80
|
}
|
|
81
81
|
},
|
|
82
82
|
outputs: {
|
|
83
|
-
|
|
84
|
-
name: :
|
|
85
|
-
},
|
|
86
|
-
udap_client_private_key_pem: {
|
|
87
|
-
name: :udap_auth_code_flow_client_private_key
|
|
88
|
-
},
|
|
89
|
-
udap_cert_iss: {
|
|
90
|
-
name: :udap_auth_code_flow_cert_iss
|
|
83
|
+
udap_client_id: {
|
|
84
|
+
name: :udap_authorization_code_flow_client_id
|
|
91
85
|
}
|
|
92
86
|
}
|
|
93
87
|
} do
|
|
@@ -12,43 +12,38 @@ module UDAPSecurityTestKit
|
|
|
12
12
|
)
|
|
13
13
|
id :udap_client_credentials_authentication_group
|
|
14
14
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
test from: :
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
token_exchange: {
|
|
49
|
-
name: :udap_client_credentials_flow_token_exchange
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
}
|
|
15
|
+
config(
|
|
16
|
+
requests: {
|
|
17
|
+
token_exchange: {
|
|
18
|
+
name: :udap_client_credentials_flow_token_exchange
|
|
19
|
+
}
|
|
20
|
+
},
|
|
21
|
+
inputs: {
|
|
22
|
+
udap_client_id: {
|
|
23
|
+
name: :udap_client_credentials_flow_client_id
|
|
24
|
+
},
|
|
25
|
+
token_response_body: {
|
|
26
|
+
name: :udap_client_credentials_flow_token_exchange_response_body
|
|
27
|
+
}
|
|
28
|
+
},
|
|
29
|
+
outputs: {
|
|
30
|
+
udap_access_token: {
|
|
31
|
+
name: :udap_client_credentials_flow_access_token
|
|
32
|
+
},
|
|
33
|
+
udap_expires_in: {
|
|
34
|
+
name: :udap_client_credentials_flow_expires_in
|
|
35
|
+
},
|
|
36
|
+
udap_received_scopes: {
|
|
37
|
+
name: :udap_client_credentials_flow_received_scopes
|
|
38
|
+
},
|
|
39
|
+
udap_refresh_token: {
|
|
40
|
+
name: :udap_client_credentials_flow_refresh_token
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
)
|
|
44
|
+
|
|
45
|
+
test from: :udap_client_credentials_token_exchange
|
|
46
|
+
test from: :udap_token_exchange_response_body
|
|
47
|
+
test from: :udap_token_exchange_response_headers
|
|
53
48
|
end
|
|
54
49
|
end
|
|
@@ -82,14 +82,8 @@ module UDAPSecurityTestKit
|
|
|
82
82
|
}
|
|
83
83
|
},
|
|
84
84
|
outputs: {
|
|
85
|
-
|
|
86
|
-
name: :
|
|
87
|
-
},
|
|
88
|
-
udap_client_private_key_pem: {
|
|
89
|
-
name: :udap_client_credentials_flow_client_private_key
|
|
90
|
-
},
|
|
91
|
-
udap_cert_iss: {
|
|
92
|
-
name: :udap_cert_iss_client_creds_flow
|
|
85
|
+
udap_client_id: {
|
|
86
|
+
name: :udap_client_credentials_flow_client_id
|
|
93
87
|
}
|
|
94
88
|
}
|
|
95
89
|
} do
|
|
File without changes
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
require_relative 'version'
|
|
2
|
+
|
|
3
|
+
module UDAPSecurityTestKit
|
|
4
|
+
class Metadata < Inferno::TestKit
|
|
5
|
+
id :udap_security
|
|
6
|
+
title 'UDAP Security'
|
|
7
|
+
description <<~DESCRIPTION
|
|
8
|
+
This is a collection of tests to verify server conformance to the [HL7 UDAP Security
|
|
9
|
+
STU 1.0 IG](https://hl7.org/fhir/us/udap-security/STU1/index.html)
|
|
10
|
+
<!-- break -->
|
|
11
|
+
Specifically, this test
|
|
12
|
+
kit assesses the required capabilities from the following sections:
|
|
13
|
+
- [JSON Web Token (JWT) Requirements](https://hl7.org/fhir/us/udap-security/STU1/index.html)
|
|
14
|
+
- [Discovery](https://hl7.org/fhir/us/udap-security/STU1/discovery.html)
|
|
15
|
+
- [Dynamic Client Registration](https://hl7.org/fhir/us/udap-security/STU1/registration.html)
|
|
16
|
+
- [Consumer-Facing Authorization & Authentication](https://hl7.org/fhir/us/udap-security/STU1/consumer.html)
|
|
17
|
+
- [Business-to-Business (B2B) Authorization & Authentication](https://hl7.org/fhir/us/udap-security/STU1/b2b.html)
|
|
18
|
+
|
|
19
|
+
[Tiered OAuth for User
|
|
20
|
+
Authentication](https://hl7.org/fhir/us/udap-security/STU1/user.html) is not a
|
|
21
|
+
required capability and is not assessed.
|
|
22
|
+
This test kit also does not assess client conformance.
|
|
23
|
+
DESCRIPTION
|
|
24
|
+
suite_ids [:udap_security]
|
|
25
|
+
tags ['UDAP Security']
|
|
26
|
+
last_updated '2025-01-09'
|
|
27
|
+
version VERSION
|
|
28
|
+
maturity 'Low'
|
|
29
|
+
authors 'inferno@groups.mitre.org'
|
|
30
|
+
repo 'https://github.com/inferno-framework/udap-security-test-kit'
|
|
31
|
+
end
|
|
32
|
+
end
|
|
@@ -21,7 +21,7 @@ module UDAPSecurityTestKit
|
|
|
21
21
|
|
|
22
22
|
x5c_certs_encoded = x5c_certs_pem_string.map do |cert|
|
|
23
23
|
cert_pem = OpenSSL::X509::Certificate.new(cert)
|
|
24
|
-
Base64.
|
|
24
|
+
Base64.strict_encode64(cert_pem.to_der)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
JWT.encode payload, private_key, alg, { x5c: x5c_certs_encoded }
|
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
require_relative 'udap_security_test_kit/authorization_code_group'
|
|
2
2
|
require_relative 'udap_security_test_kit/client_credentials_group'
|
|
3
|
-
require_relative 'udap_security_test_kit/version'
|
|
4
3
|
require_relative 'udap_security_test_kit/redirect_uri'
|
|
4
|
+
require_relative 'udap_security_test_kit/metadata'
|
|
5
5
|
|
|
6
6
|
module UDAPSecurityTestKit
|
|
7
7
|
class Suite < Inferno::TestSuite
|
|
8
8
|
id :udap_security
|
|
9
9
|
title 'UDAP Security'
|
|
10
|
-
version VERSION
|
|
11
10
|
description %(
|
|
12
11
|
The User Data Access Protocol (UDAP) Security test kit verifies that systems correctly implement the
|
|
13
12
|
[HL7 UDAP Security IG](http://hl7.org/fhir/us/udap-security/STU1/)
|
|
@@ -52,12 +51,6 @@ module UDAPSecurityTestKit
|
|
|
52
51
|
entries on `grant_type` and `iss` claims for more details.
|
|
53
52
|
)
|
|
54
53
|
|
|
55
|
-
# cert_file = File.read(File.join(File.dirname(__FILE__), 'udap_security_test_kit/certs/InfernoCA.pem'))
|
|
56
|
-
|
|
57
|
-
# cert_file_route_handler = proc { [200, { 'Content-Type' => 'application/x-pem-file' }, [cert_file]] }
|
|
58
|
-
|
|
59
|
-
# route(:get, '/inferno_ca.pem', cert_file_route_handler)
|
|
60
|
-
|
|
61
54
|
resume_test_route :get, '/redirect' do |request|
|
|
62
55
|
request.query_parameters['state']
|
|
63
56
|
end
|
|
@@ -68,20 +61,19 @@ module UDAPSecurityTestKit
|
|
|
68
61
|
|
|
69
62
|
links [
|
|
70
63
|
{
|
|
71
|
-
|
|
72
|
-
url: 'https://github.com/inferno-framework/udap-security-test-kit/issues'
|
|
73
|
-
},
|
|
74
|
-
{
|
|
64
|
+
type: 'source_code',
|
|
75
65
|
label: 'Open Source',
|
|
76
|
-
url: 'https://github.com/inferno-framework/udap-security-test-kit'
|
|
66
|
+
url: 'https://github.com/inferno-framework/udap-security-test-kit/'
|
|
77
67
|
},
|
|
78
68
|
{
|
|
79
|
-
|
|
80
|
-
|
|
69
|
+
type: 'report_issue',
|
|
70
|
+
label: 'Report Issue',
|
|
71
|
+
url: 'https://github.com/inferno-framework/udap-security-test-kit/issues/'
|
|
81
72
|
},
|
|
82
73
|
{
|
|
83
|
-
|
|
84
|
-
|
|
74
|
+
type: 'download',
|
|
75
|
+
label: 'Download',
|
|
76
|
+
url: 'https://github.com/inferno-framework/udap-security-test-kit/releases/'
|
|
85
77
|
}
|
|
86
78
|
]
|
|
87
79
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: udap_security_test_kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen MacVicar
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2025-
|
|
12
|
+
date: 2025-03-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: inferno_core
|
|
@@ -17,14 +17,14 @@ dependencies:
|
|
|
17
17
|
requirements:
|
|
18
18
|
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
|
-
version: 0.
|
|
20
|
+
version: 0.6.1
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
25
|
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: 0.
|
|
27
|
+
version: 0.6.1
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: jwt
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -47,6 +47,7 @@ extensions: []
|
|
|
47
47
|
extra_rdoc_files: []
|
|
48
48
|
files:
|
|
49
49
|
- LICENSE
|
|
50
|
+
- config/presets/SureFhirIdentityMatchingDemo.json
|
|
50
51
|
- lib/udap_security_test_kit.rb
|
|
51
52
|
- lib/udap_security_test_kit/authorization_code_authentication_group.rb
|
|
52
53
|
- lib/udap_security_test_kit/authorization_code_group.rb
|
|
@@ -65,8 +66,9 @@ files:
|
|
|
65
66
|
- lib/udap_security_test_kit/default_cert_file_loader.rb
|
|
66
67
|
- lib/udap_security_test_kit/discovery_group.rb
|
|
67
68
|
- lib/udap_security_test_kit/dynamic_client_registration_group.rb
|
|
68
|
-
- lib/udap_security_test_kit/generate_client_certs_test.rb
|
|
69
69
|
- lib/udap_security_test_kit/grant_types_supported_field_test.rb
|
|
70
|
+
- lib/udap_security_test_kit/igs/put_ig_package_dot_tgz_here
|
|
71
|
+
- lib/udap_security_test_kit/metadata.rb
|
|
70
72
|
- lib/udap_security_test_kit/redirect_uri.rb
|
|
71
73
|
- lib/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test.rb
|
|
72
74
|
- lib/udap_security_test_kit/registration_endpoint_field_test.rb
|
|
@@ -103,6 +105,7 @@ licenses:
|
|
|
103
105
|
metadata:
|
|
104
106
|
homepage_uri: https://github.com/inferno-framework/udap-security-test-kit
|
|
105
107
|
source_code_uri: https://github.com/inferno-framework/udap-security-test-kit
|
|
108
|
+
inferno_test_kit: 'true'
|
|
106
109
|
post_install_message:
|
|
107
110
|
rdoc_options: []
|
|
108
111
|
require_paths:
|
|
@@ -111,14 +114,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
111
114
|
requirements:
|
|
112
115
|
- - ">="
|
|
113
116
|
- !ruby/object:Gem::Version
|
|
114
|
-
version: 3.
|
|
117
|
+
version: 3.3.6
|
|
115
118
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
116
119
|
requirements:
|
|
117
120
|
- - ">="
|
|
118
121
|
- !ruby/object:Gem::Version
|
|
119
122
|
version: '0'
|
|
120
123
|
requirements: []
|
|
121
|
-
rubygems_version: 3.
|
|
124
|
+
rubygems_version: 3.5.22
|
|
122
125
|
signing_key:
|
|
123
126
|
specification_version: 4
|
|
124
127
|
summary: UDAP Security IG Test Kit
|
|
@@ -1,60 +0,0 @@
|
|
|
1
|
-
require_relative 'udap_x509_certificate'
|
|
2
|
-
require_relative 'default_cert_file_loader'
|
|
3
|
-
|
|
4
|
-
module UDAPSecurityTestKit
|
|
5
|
-
class GenerateClientCertsTest < Inferno::Test
|
|
6
|
-
title 'Generate Client Certificates'
|
|
7
|
-
id :udap_generate_client_certs
|
|
8
|
-
description %(
|
|
9
|
-
This test may be included in test groups to generate and output a new client certificate for use in UDAP dynamic
|
|
10
|
-
client registration or authentication/authorization tests.
|
|
11
|
-
)
|
|
12
|
-
|
|
13
|
-
input :udap_client_cert_pem,
|
|
14
|
-
title: 'X.509 Client Certificate(s) (PEM Format)',
|
|
15
|
-
description: %(
|
|
16
|
-
A list of one or more X.509 certificates in PEM format separated by a newline. The first (leaf) certificate
|
|
17
|
-
MUST represent the client entity and the certificate chain must resolve to a CA trusted by the authorization
|
|
18
|
-
server under test.
|
|
19
|
-
Will be auto-generated if left blank.
|
|
20
|
-
),
|
|
21
|
-
type: 'textarea',
|
|
22
|
-
optional: true
|
|
23
|
-
|
|
24
|
-
input :udap_client_private_key_pem,
|
|
25
|
-
title: 'Client Private Key (PEM Format)',
|
|
26
|
-
description: %(
|
|
27
|
-
The private key corresponding to the client certificate used for registration, in PEM format. Used to sign
|
|
28
|
-
registration and/or authentication JWTs.
|
|
29
|
-
Will be auto-generated if left blank.
|
|
30
|
-
),
|
|
31
|
-
type: 'textarea',
|
|
32
|
-
optional: true
|
|
33
|
-
|
|
34
|
-
input :udap_cert_iss,
|
|
35
|
-
title: 'JWT Issuer (iss) Claim',
|
|
36
|
-
description: %(
|
|
37
|
-
MUST correspond to a unique URI entry in the Subject Alternative Name (SAN) extension of the client
|
|
38
|
-
certificate used for registration.
|
|
39
|
-
Will be auto-generated with the client cert if left blank.
|
|
40
|
-
),
|
|
41
|
-
optional: true
|
|
42
|
-
|
|
43
|
-
output :udap_cert_iss
|
|
44
|
-
output :udap_client_cert_pem
|
|
45
|
-
output :udap_client_private_key_pem
|
|
46
|
-
|
|
47
|
-
run do
|
|
48
|
-
omit_if udap_client_cert_pem.present? && udap_client_private_key_pem.present?,
|
|
49
|
-
'User has opted to provide client certs'
|
|
50
|
-
|
|
51
|
-
signing_key = DefaultCertFileLoader.load_default_ca_private_key_file
|
|
52
|
-
|
|
53
|
-
cert = UDAPX509Certificate.new(DefaultCertFileLoader.load_default_ca_pem_file, signing_key)
|
|
54
|
-
|
|
55
|
-
output udap_cert_iss: cert.san
|
|
56
|
-
output udap_client_cert_pem: cert.cert.to_pem
|
|
57
|
-
output udap_client_private_key_pem: cert.cert_private_key.to_pem
|
|
58
|
-
end
|
|
59
|
-
end
|
|
60
|
-
end
|