cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Checking the access token hash in the tests
Date Thu, 19 May 2016 16:55:17 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 96e016eb4 -> 55829d69d


Checking the access token hash in the tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55829d69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55829d69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55829d69

Branch: refs/heads/3.1.x-fixes
Commit: 55829d69db9c132f72eab41baff6b6da6d1869e5
Parents: 96e016e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu May 19 17:15:51 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu May 19 17:53:28 2016 +0100

----------------------------------------------------------------------
 .../java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java   | 5 ++++-
 .../apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java    | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/55829d69/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 26e8bcb..b29e16a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -114,8 +114,11 @@ public final class OidcUtils {
         validateAccessTokenHash(at, jwt, true);
     }
     public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean
required) {
+        validateAccessTokenHash(at.getTokenKey(), jwt, required);
+    }
+    public static void validateAccessTokenHash(String accessToken, JwtToken jwt, boolean
required) {
         if (required) {
-            validateHash(at.getTokenKey(),
+            validateHash(accessToken,
                          (String)jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM),
                          jwt.getJwsHeaders().getSignatureAlgorithm());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/55829d69/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
index d4ebb9c..bcf0db6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.java
@@ -44,6 +44,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
 import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -368,6 +369,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.NONCE_CLAIM));
+        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
     }
     
     @org.junit.Test
@@ -551,6 +553,7 @@ public class OIDCFlowTest extends AbstractBusClientServerTestBase {
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
         JwtToken jwt = jwtConsumer.getJwtToken();
         Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.ACCESS_TOKEN_HASH_CLAIM));
+        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
         // TODO Assert.assertNotNull(jwt.getClaims().getClaim(IdToken.AUTH_CODE_HASH_CLAIM));
     }
     


Mime
View raw message