cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/4] cxf git commit: Adding JWTUtils unit tests + fixing a bug with the TTL validation
Date Tue, 27 Oct 2015 17:10:14 GMT
Adding JWTUtils unit tests + fixing a bug with the TTL validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6fd3ada7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6fd3ada7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6fd3ada7

Branch: refs/heads/master
Commit: 6fd3ada7af5af1fcb0de337c379e34e7bdb44a56
Parents: 67e48ee
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 27 17:09:07 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 27 17:09:07 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwt/JwtUtils.java      |  24 ++--
 .../cxf/rs/security/jose/jwt/JwtUtilsTest.java  | 144 +++++++++++++++++++
 2 files changed, 159 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index 3f0a27e..9f1c1d6 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -87,21 +87,27 @@ public final class JwtUtils {
         }
         
         Date createdDate = new Date(issuedAtInSecs * 1000L);
-        if (clockOffset != 0) {
-            // Calculate the time that is allowed for the message to travel
-            createdDate.setTime(createdDate.getTime() - (long)clockOffset * 1000L);
-        }
-        
         Date validCreation = new Date();
-        if (timeToLive != 0) {
-            long currentTime = validCreation.getTime();
-            currentTime -= (long)timeToLive * 1000L;
-            validCreation.setTime(currentTime);
+        long currentTime = validCreation.getTime();
+        if (clockOffset > 0) {
+            validCreation.setTime(currentTime + (long)clockOffset * 1000L);
         }
         
+        // Check to see if the IssuedAt time is in the future
         if (createdDate.after(validCreation)) {
             throw new JwtException("Invalid issuedAt");
         }
+        
+        if (timeToLive > 0) {
+            // Calculate the time that is allowed for the message to travel
+            currentTime -= (long)timeToLive * 1000L;
+            validCreation.setTime(currentTime);
+    
+            // Validate the time it took the message to travel
+            if (createdDate.before(validCreation)) {
+                throw new JwtException("Invalid issuedAt");
+            }
+        }
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6fd3ada7/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
new file mode 100644
index 0000000..9a2050e
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwt/JwtUtilsTest.java
@@ -0,0 +1,144 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+import java.util.Calendar;
+import java.util.Date;
+
+import org.junit.Assert;
+
+/**
+ * Some tests for JwtUtils
+ */
+public class JwtUtilsTest extends Assert {
+
+    @org.junit.Test
+    public void testExpiredToken() throws Exception {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("alice");
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        // Set the expiry date to be yesterday
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.DATE, -1);
+        claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        
+        try {
+            JwtUtils.validateJwtExpiry(claims, 0, true);
+            fail("Failure expected on an expired token");
+        } catch (JwtException ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testFutureToken() throws Exception {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("alice");
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        // Set the issued date to be in the future
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.DATE, 1);
+        claims.setIssuedAt(cal.getTimeInMillis() / 1000L);
+        
+        try {
+            JwtUtils.validateJwtIssuedAt(claims, 300, 0, true);
+            fail("Failure expected on a token issued in the future");
+        } catch (JwtException ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testNearFutureToken() throws Exception {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("alice");
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        // Set the issued date to be in the near future
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.SECOND, 30);
+        claims.setIssuedAt(cal.getTimeInMillis() / 1000L);
+        
+        try {
+            JwtUtils.validateJwtIssuedAt(claims, 0, 0, true);
+            fail("Failure expected on a token issued in the future");
+        } catch (JwtException ex) {
+            // expected
+        }
+        
+        // Now set the clock offset
+        JwtUtils.validateJwtIssuedAt(claims, 0, 60, true);
+    }
+    
+    @org.junit.Test
+    public void testNotBefore() throws Exception {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("alice");
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        // Set the issued date to be in the near future
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.SECOND, 30);
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        claims.setNotBefore(cal.getTimeInMillis() / 1000L);
+        
+        try {
+            JwtUtils.validateJwtNotBefore(claims, 0, true);
+            fail("Failure expected on not before");
+        } catch (JwtException ex) {
+            // expected
+        }
+        
+        // Now set the clock offset
+        JwtUtils.validateJwtNotBefore(claims, 60, true);
+    }
+    
+    @org.junit.Test
+    public void testIssuedAtTTL() throws Exception {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("alice");
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        // Set the issued date to be now
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        
+        // Now test the TTL
+        JwtUtils.validateJwtIssuedAt(claims, 60, 0, true);
+        
+        // Now create the token 70 seconds ago
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.SECOND, -70);
+        claims.setIssuedAt(cal.getTimeInMillis() / 1000L);
+        
+        try {
+            JwtUtils.validateJwtIssuedAt(claims, 60, 0, true);
+            fail("Failure expected on an expired token");
+        } catch (JwtException ex) {
+            // expected
+        }
+    }
+}
+


Mime
View raw message