directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject directory-kerby git commit: Adding some JWT tests
Date Wed, 21 Oct 2015 16:50:01 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 49482c42e -> b4c2b2ddd


Adding some JWT tests


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b4c2b2dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b4c2b2dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b4c2b2dd

Branch: refs/heads/master
Commit: b4c2b2ddd00aa972c192f1f8097344442d237e49
Parents: 49482c4
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 21 17:49:52 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 21 17:49:52 2015 +0100

----------------------------------------------------------------------
 .../kerberos/kdc/WithAccessTokenKdcTest.java    | 69 ++++++++++++++++++--
 .../kerberos/kdc/WithIdentityTokenKdcTest.java  | 63 +++++++++++++++++-
 .../kerberos/kdc/WithTokenKdcTestBase.java      | 32 +++++----
 .../kerb/server/preauth/token/TokenPreauth.java |  2 +-
 4 files changed, 143 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index d815e37..d623098 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -19,7 +19,13 @@
  */
 package org.apache.kerby.kerberos.kdc;
 
+import java.io.InputStream;
+import java.security.PrivateKey;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.junit.Assert;
 import org.junit.Test;
 
 public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
@@ -27,12 +33,65 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
     @Test
     public void testRequestServiceTicketWithAccessToken() throws Exception {
         prepareToken(getServerPrincipal());
+        performTest();
+    }
+    
+    @Test
+    public void testBadIssuer() throws Exception {
+        InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+        prepareToken(getServerPrincipal(), "oauth1.com", AUDIENCE, privateKey);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad issuer value");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    // TODO - not failing yet.
+    @Test
+    @org.junit.Ignore
+    public void testBadAudienceRestriction() throws Exception {
+        InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+        prepareToken(getServerPrincipal(), ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad audience restriction value");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    // TODO - not failing yet.
+    @Test
+    @org.junit.Ignore
+    public void testUnsignedToken() throws Exception {
+        prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on an unsigned token");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    private void performTest() throws Exception {
         createCredentialCache(getClientPrincipal(), getClientPassword());
 
-        ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
-            getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
-        verifyTicket(serviceTicket);
-
-        deleteCcacheFile();
+        try {
+            ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
+                getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
+            verifyTicket(serviceTicket);
+        } finally {
+            deleteCcacheFile();
+        }
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 045da51..73e7820 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -20,11 +20,14 @@
 package org.apache.kerby.kerberos.kdc;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
 import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.Assert;
 import org.junit.Test;
 
-import static org.assertj.core.api.Assertions.assertThat;
+import java.io.InputStream;
+import java.security.PrivateKey;
 
 public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
 
@@ -32,6 +35,58 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
     public void testKdc() throws Exception {
 
         prepareToken(null);
+        performTest();
+    }
+    
+    @Test
+    public void testBadIssuer() throws Exception {
+        InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+        prepareToken(null, "oauth1.com", AUDIENCE, privateKey);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad issuer value");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    // TODO - not failing yet.
+    @Test
+    @org.junit.Ignore
+    public void testBadAudienceRestriction() throws Exception {
+        InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+        prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad audience restriction value");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    // TODO - not failing yet.
+    @Test
+    @org.junit.Ignore
+    public void testUnsignedToken() throws Exception {
+        prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null);
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on an unsigned token");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
+    private void performTest() throws Exception {
+
         createCredentialCache(getClientPrincipal(), getClientPassword());
 
         TgtTicket tgt = null;
@@ -39,8 +94,10 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
             tgt = getKrbClient().requestTgtWithToken(getKrbToken(),
                     getcCacheFile().getPath());
         } catch (KrbException e) {
-            assertThat(e.getMessage().contains("timeout")).isTrue();
-            return;
+            if (e.getMessage().contains("timeout")) {
+                return;
+            }
+            throw e;
         }
         verifyTicket(tgt);
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 9c0a8a2..8db50f9 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -40,7 +40,6 @@ import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -77,10 +76,23 @@ public class WithTokenKdcTestBase extends KdcTestBase {
     protected File getcCacheFile() {
         return cCacheFile;
     }
-
+    
     protected AuthToken prepareToken(String servicePrincipal) {
+        InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+        PrivateKey privateKey = null;
+        try {
+            privateKey = PrivateKeyReader.loadPrivateKey(is);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        return prepareToken(servicePrincipal, ISSUER, AUDIENCE, privateKey);
+    }
+    
+    protected AuthToken prepareToken(String servicePrincipal, String issuer, String audience,

+                                     PrivateKey signingKey) {
         AuthToken authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
-        authToken.setIssuer(ISSUER);
+        authToken.setIssuer(issuer);
         authToken.setSubject(SUBJECT);
 
         authToken.addAttribute("group", GROUP);
@@ -90,7 +102,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
         if (servicePrincipal != null) {
             aud.add(servicePrincipal);
         }
-        aud.add(AUDIENCE);
+        aud.add(audience);
         authToken.setAudiences(aud);
 
         // Set expiration in 60 minutes
@@ -106,16 +118,8 @@ public class WithTokenKdcTestBase extends KdcTestBase {
 
         TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
 
-        if (tokenEncoder instanceof JwtTokenEncoder) {
-            InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
-            PrivateKey privateKey = null;
-            try {
-                privateKey = PrivateKeyReader.loadPrivateKey(is);
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-
-            ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
+        if (tokenEncoder instanceof JwtTokenEncoder && signingKey != null) {
+            ((JwtTokenEncoder) tokenEncoder).setSignKey(signingKey);
         }
 
         krbToken = new KrbToken();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index e5154ad..2e8e860 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -76,7 +76,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
             TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
             String issuer = tokenInfo.getTokenVendor();
             if (!(issuers.contains(issuer))) {
-                throw new KrbException("Unconfigured issuer:" + issuer);
+                throw new KrbException("Unconfigured issuer: " + issuer);
             }
             TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
             if (tokenDecoder instanceof JwtTokenDecoder) {


Mime
View raw message