Negative Test : Add invalid s_hash to ID token

Thus create a failcase to check that the client calls the token endpoint with invalid s_hash

Implement a runinbackground() call so that the test suite passes.

Closes #416 (closed)

src/main/java/io/fintechlabs/testframework/openbanking/AbstractFAPIOBClientTestCodeIdToken.java

@@ -4,7 +4,45 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import io.fintechlabs.testframework.condition.as.*;
+import io.fintechlabs.testframework.condition.as.AddACRClaimToIdTokenClaims;
+import io.fintechlabs.testframework.condition.as.AddCHashToIdTokenClaims;
+import io.fintechlabs.testframework.condition.as.AddOBIntentIdToIdTokenClaims;
+import io.fintechlabs.testframework.condition.as.AddResponseTypeCodeIdTokenToServerConfiguration;
+import io.fintechlabs.testframework.condition.as.AddSHashToIdTokenClaims;
+import io.fintechlabs.testframework.condition.as.AddTokenEndpointSigningAlg;
+import io.fintechlabs.testframework.condition.as.CalculateCHash;
+import io.fintechlabs.testframework.condition.as.CalculateSHash;
+import io.fintechlabs.testframework.condition.as.CheckForClientCertificate;
+import io.fintechlabs.testframework.condition.as.CopyAccessTokenToClientCredentialsField;
+import io.fintechlabs.testframework.condition.as.CreateAuthorizationCode;
+import io.fintechlabs.testframework.condition.as.CreateFapiInteractionIdIfNeeded;
+import io.fintechlabs.testframework.condition.as.CreateTokenEndpointResponse;
+import io.fintechlabs.testframework.condition.as.EnsureAuthorizationParametersMatchRequestObject;
+import io.fintechlabs.testframework.condition.as.EnsureClientCertificateMatches;
+import io.fintechlabs.testframework.condition.as.EnsureMatchingClientId;
+import io.fintechlabs.testframework.condition.as.EnsureMatchingRedirectUri;
+import io.fintechlabs.testframework.condition.as.EnsureMinimumKeyLength;
+import io.fintechlabs.testframework.condition.as.EnsureOpenIDInScopeRequest;
+import io.fintechlabs.testframework.condition.as.EnsureResponseTypeIsCodeIdToken;
+import io.fintechlabs.testframework.condition.as.ExtractClientCertificateFromTokenEndpointRequestHeaders;
+import io.fintechlabs.testframework.condition.as.ExtractNonceFromAuthorizationRequest;
+import io.fintechlabs.testframework.condition.as.ExtractOBIntentId;
+import io.fintechlabs.testframework.condition.as.ExtractRequestObject;
+import io.fintechlabs.testframework.condition.as.ExtractRequestedScopes;
+import io.fintechlabs.testframework.condition.as.ExtractServerSigningAlg;
+import io.fintechlabs.testframework.condition.as.FAPIValidateRequestObjectSigningAlg;
+import io.fintechlabs.testframework.condition.as.FilterUserInfoForScopes;
+import io.fintechlabs.testframework.condition.as.GenerateBearerAccessToken;
+import io.fintechlabs.testframework.condition.as.GenerateIdTokenClaims;
+import io.fintechlabs.testframework.condition.as.GenerateServerConfigurationMTLS;
+import io.fintechlabs.testframework.condition.as.LoadServerJWKs;
+import io.fintechlabs.testframework.condition.as.RedirectBackToClientWithAuthorizationCodeAndIdToken;
+import io.fintechlabs.testframework.condition.as.SignIdToken;
+import io.fintechlabs.testframework.condition.as.ValidateAuthorizationCode;
+import io.fintechlabs.testframework.condition.as.ValidateRedirectUri;
+import io.fintechlabs.testframework.condition.as.ValidateRequestObjectClaims;
+import io.fintechlabs.testframework.condition.as.ValidateRequestObjectExp;
+import io.fintechlabs.testframework.condition.as.ValidateRequestObjectSignature;
 import io.fintechlabs.testframework.condition.client.FAPIValidateRequestObjectIdTokenACRClaims;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.http.HttpStatus;
@@ -317,7 +355,6 @@ public abstract class AbstractFAPIOBClientTestCodeIdToken extends AbstractTestMo
 
 		callAndStopOnFailure(ExtractRequestedScopes.class);
 
-		callAndStopOnFailure(EnsureOpenIDInScopeRequest.class, "FAPI-R-5.2.3-7");
 		callAndStopOnFailure(EnsureOpenIDInScopeRequest.class, "FAPI-R-5.2.3-7");
 
 		callAndStopOnFailure(ExtractNonceFromAuthorizationRequest.class, "FAPI-R-5.2.3-8");
@@ -354,6 +391,12 @@ public abstract class AbstractFAPIOBClientTestCodeIdToken extends AbstractTestMo
 
 		call(exec().unmapKey("authorization_endpoint_request").endBlock());
 
+		getTestExecutionManager().runInBackground(() -> {
+			Thread.sleep(5 * 1000);
+			fireTestFinished();
+			return "done";
+		});
+
 		return new RedirectView(redirectTo, false, false, false);
 
 	}