cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Adding JWT Authorization Grant tests
Date Thu, 10 Dec 2015 17:27:39 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 00d4e973d -> f346c8054


Adding JWT Authorization Grant tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f346c805
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f346c805
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f346c805

Branch: refs/heads/master
Commit: f346c80548cb96ad9021b4e02a352c7f3f4258bc
Parents: 00d4e97
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Dec 10 17:27:06 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Dec 10 17:27:06 2015 +0000

----------------------------------------------------------------------
 .../grants/AuthorizationGrantNegativeTest.java  | 171 ++++++++++++++++++-
 .../oauth2/grants/AuthorizationGrantTest.java   |   1 +
 2 files changed, 164 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f346c805/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
index 09c0cb1..3da9604 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantNegativeTest.java
@@ -21,8 +21,11 @@ package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
 
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.Collections;
+import java.util.Date;
 import java.util.List;
+import java.util.Properties;
 
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
@@ -30,6 +33,12 @@ import javax.ws.rs.core.Response;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.provider.json.JSONProvider;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
@@ -233,9 +242,12 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
             // expected
         }
     }
-    /*
+    
+    //
+    // JWT Authorization grants
+    //
     @org.junit.Test
-    public void testJWTAuthorizationGrant() throws Exception {
+    public void testJWTUnsigned() throws Exception {
         URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
         
         String address = "https://localhost:" + PORT + "/services/";
@@ -243,6 +255,35 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         
         // Create the JWT Token
         String token = createToken("DoubleItSTSIssuer", "consumer-id", 
+                                   "https://localhost:" + PORT + "/services/token", true,
false);
+        
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        form.param("assertion", token);
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        try {
+            response.readEntity(ClientAccessToken.class);
+            fail("Failure expected on an unsigned token");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testJWTNoIssuer() throws Exception {
+        URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the JWT Token
+        String token = createToken(null, "consumer-id", 
                                    "https://localhost:" + PORT + "/services/token", true,
true);
 
         // Get Access Token
@@ -255,11 +296,126 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         form.param("client_id", "consumer-id");
         Response response = client.post(form);
         
-        ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
-        assertNotNull(accessToken.getTokenKey());
-        assertNotNull(accessToken.getRefreshToken());
+        try {
+            response.readEntity(ClientAccessToken.class);
+            fail("Failure expected on no issuer");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testJWTNoExpiry() throws Exception {
+        URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the JWT Token
+        String token = createToken("DoubleItSTSIssuer", "consumer-id", 
+                                   "https://localhost:" + PORT + "/services/token", false,
true);
+
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        form.param("assertion", token);
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        try {
+            response.readEntity(ClientAccessToken.class);
+            fail("Failure expected on no expiry");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testJWTBadAudienceRestriction() throws Exception {
+        URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the JWT Token
+        String token = createToken("DoubleItSTSIssuer", "consumer-id", 
+                                   "https://localhost:" + PORT + "/services/badtoken", true,
true);
+
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        form.param("assertion", token);
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        try {
+            response.readEntity(ClientAccessToken.class);
+            fail("Failure expected on a bad audience restriction");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    @org.junit.Test
+    public void testJWTUnauthenticatedSignature() throws Exception {
+        URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the JWT Token
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject("consumer-id");
+        claims.setIssuer("DoubleItSTSIssuer");
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        Calendar cal = Calendar.getInstance();
+        cal.add(Calendar.SECOND, 60);
+        claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        String audience = "https://localhost:" + PORT + "/services/token";
+        claims.setAudiences(Collections.singletonList(audience));
+        
+        // Sign the JWT Token
+        Properties signingProperties = new Properties();
+        signingProperties.put("rs.security.keystore.type", "jks");
+        signingProperties.put("rs.security.keystore.password", "security");
+        signingProperties.put("rs.security.keystore.alias", "smallkey");
+        signingProperties.put("rs.security.keystore.file", 
+            "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
+        signingProperties.put("rs.security.key.password", "security");
+        signingProperties.put("rs.security.signature.algorithm", "RS256");
+
+        JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+
+        JwsSignatureProvider sigProvider = 
+            JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
+
+        String token = jws.signWith(sigProvider);
+        
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        form.param("assertion", token);
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        try {
+            response.readEntity(ClientAccessToken.class);
+            fail("Failure expected on an unauthenticated token");
+        } catch (Exception ex) {
+            // expected
+        }
     }
-    */
     
     private List<Object> setupProviders() {
         List<Object> providers = new ArrayList<Object>();
@@ -298,7 +454,7 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         
         return samlAssertion.assertionToString();
     }
-    /*
+    
     private String createToken(String issuer, String subject, String audience, 
                                boolean expiry, boolean sign) {
         // Create the JWT Token
@@ -341,5 +497,4 @@ public class AuthorizationGrantNegativeTest extends AbstractBusClientServerTestB
         JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
         return jws.getSignedEncodedJws();
     }
-    */
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f346c805/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index fad85b4..8ce2a30 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -319,6 +319,7 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
     }
+    
     private String getAuthorizationCode(WebClient client) {
         return getAuthorizationCode(client, null);
     }


Mime
View raw message