udap_security_test_kit 0.9.0

data/lib/udap_security_test_kit.rb

@@ -0,0 +1,63 @@
+require_relative 'udap_security_test_kit/authorization_code_group'
+require_relative 'udap_security_test_kit/client_credentials_group'
+require_relative 'udap_security_test_kit/version'
+
+module UDAPSecurityTestKit
+  class Suite < Inferno::TestSuite
+    id :udap_security
+    title 'UDAP Security'
+    version VERSION
+    description %(
+      The User Data Access Protocol (UDAP) Security test kit verifies that systems correctly implement the
+      [HL7 UDAP Security IG](http://hl7.org/fhir/us/udap-security/STU1/)
+      for extending OAuth 2.0 using UDAP workflows.
+
+      There are three steps to the UDAP workflow:
+      1. Discovery
+      2. Dynamic Client Registration
+      3. Authorization & Authentication
+
+      These steps are grouped by the OAuth2.0 flow being tested:
+      1. Authorization Code flow, which supports
+        [Consumer-Facing](https://hl7.org/fhir/us/udap-security/STU1/consumer.html) or [Business-to-Business (B2B)](https://hl7.org/fhir/us/udap-security/STU1/b2b.html)
+        use cases
+      2. Client Credentials flow, which only supports the
+      [B2B](https://hl7.org/fhir/us/udap-security/STU1/b2b.html) use case
+
+      Testers may test one or both flows based on their system under test.
+    )
+
+    input_instructions %(
+      This menu will execute tests for both OAuth flows.
+
+      **Discovery Tests**
+
+      #{DiscoveryGroup.discovery_group_input_instructions}
+
+      **Dynamic Client Registration Tests**
+
+      A single logical UDAP client cannot register itself for both `authorization_code` and `client_credentials` grant
+      types.
+      Inferno will therefore represent a distinct logical client for each OAuth flow and requires a unique issuer URI
+      value for each flow's registration step.
+      If the provided client certificate has more than one URI entry in its Subject Alternative Name (SAN) extension,
+      client certificates may be reused for each flow. If not, each auth flow will require its own client certificate.
+
+      Please refer to the [UDAP Dynamic Client Registration IG Section 3.1](https://hl7.org/fhir/us/udap-security/STU1/registration.html#software-statement)
+      entries on `grant_type` and `iss` claims for more details.
+    )
+
+    # cert_file = File.read(File.join(File.dirname(__FILE__), 'udap_security_test_kit/certs/InfernoCA.pem'))
+
+    # cert_file_route_handler = proc { [200, { 'Content-Type' => 'application/x-pem-file' }, [cert_file]] }
+
+    # route(:get, '/inferno_ca.pem', cert_file_route_handler)
+
+    resume_test_route :get, '/redirect' do |request|
+      request.query_parameters['state']
+    end
+
+    group from: :udap_authorization_code_group
+    group from: :udap_client_credentials_group
+  end
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification
+name: udap_security_test_kit
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Stephen MacVicar
+- Alisa Wallace
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-08-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: inferno_core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+description: UDAP Security IG Test Kit
+email:
+- inferno@groups.mitre.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- lib/udap_security_test_kit.rb
+- lib/udap_security_test_kit/authorization_code_authentication_group.rb
+- lib/udap_security_test_kit/authorization_code_group.rb
+- lib/udap_security_test_kit/authorization_code_received_test.rb
+- lib/udap_security_test_kit/authorization_code_redirect_test.rb
+- lib/udap_security_test_kit/authorization_code_token_exchange_test.rb
+- lib/udap_security_test_kit/authorization_endpoint_field_test.rb
+- lib/udap_security_test_kit/certs/InfernoCA.key
+- lib/udap_security_test_kit/certs/InfernoCA.pem
+- lib/udap_security_test_kit/certs/TestClient.pem
+- lib/udap_security_test_kit/certs/TestClientPrivateKey.key
+- lib/udap_security_test_kit/client_credentials_authentication_group.rb
+- lib/udap_security_test_kit/client_credentials_group.rb
+- lib/udap_security_test_kit/client_credentials_token_exchange_test.rb
+- lib/udap_security_test_kit/common_assertions.rb
+- lib/udap_security_test_kit/default_cert_file_loader.rb
+- lib/udap_security_test_kit/discovery_group.rb
+- lib/udap_security_test_kit/dynamic_client_registration_group.rb
+- lib/udap_security_test_kit/generate_client_certs_test.rb
+- lib/udap_security_test_kit/grant_types_supported_field_test.rb
+- lib/udap_security_test_kit/reg_endpoint_jwt_signing_alg_values_supported_field_test.rb
+- lib/udap_security_test_kit/registration_endpoint_field_test.rb
+- lib/udap_security_test_kit/registration_failure_invalid_contents_test.rb
+- lib/udap_security_test_kit/registration_failure_invalid_jwt_signature_test.rb
+- lib/udap_security_test_kit/registration_success_contents_test.rb
+- lib/udap_security_test_kit/registration_success_test.rb
+- lib/udap_security_test_kit/scopes_supported_field_test.rb
+- lib/udap_security_test_kit/signed_metadata_contents_test.rb
+- lib/udap_security_test_kit/signed_metadata_field_test.rb
+- lib/udap_security_test_kit/signed_metadata_trust_verification_test.rb
+- lib/udap_security_test_kit/software_statement_builder.rb
+- lib/udap_security_test_kit/token_endpoint_auth_methods_supported_field_test.rb
+- lib/udap_security_test_kit/token_endpoint_auth_signing_alg_values_supported_field_test.rb
+- lib/udap_security_test_kit/token_endpoint_field_test.rb
+- lib/udap_security_test_kit/token_exchange_response_body_test.rb
+- lib/udap_security_test_kit/token_exchange_response_headers_test.rb
+- lib/udap_security_test_kit/udap_auth_extensions_required_field_test.rb
+- lib/udap_security_test_kit/udap_auth_extensions_supported_field_test.rb
+- lib/udap_security_test_kit/udap_certifications_required_field_test.rb
+- lib/udap_security_test_kit/udap_certifications_supported_field_test.rb
+- lib/udap_security_test_kit/udap_client_assertion_payload_builder.rb
+- lib/udap_security_test_kit/udap_jwt_builder.rb
+- lib/udap_security_test_kit/udap_jwt_validator.rb
+- lib/udap_security_test_kit/udap_profiles_supported_field_test.rb
+- lib/udap_security_test_kit/udap_request_builder.rb
+- lib/udap_security_test_kit/udap_versions_supported_field_test.rb
+- lib/udap_security_test_kit/udap_x509_certificate.rb
+- lib/udap_security_test_kit/version.rb
+- lib/udap_security_test_kit/well_known_endpoint_test.rb
+homepage: https://github.com/inferno-framework/udap-security-test-kit
+licenses:
+- Apache-2.0
+metadata:
+  homepage_uri: https://github.com/inferno-framework/udap-security-test-kit
+  source_code_uri: https://github.com/inferno-framework/udap-security-test-kit
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key:
+specification_version: 4
+summary: UDAP Security IG Test Kit
+test_files: []