syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject syncope git commit: Adding some negative tests for JWT third party tokens
Date Wed, 05 Jul 2017 11:29:37 GMT
Repository: syncope
Updated Branches:
  refs/heads/master ffb78c087 -> 2035f6b4d


Adding some negative tests for JWT third party tokens


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2035f6b4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2035f6b4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2035f6b4

Branch: refs/heads/master
Commit: 2035f6b4d7d9d3624e6c52a070f081dd54835606
Parents: ffb78c0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 5 11:53:45 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 5 11:53:45 2017 +0100

----------------------------------------------------------------------
 .../org/apache/syncope/fit/core/JWTITCase.java  | 106 +++++++++++++++++++
 1 file changed, 106 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/2035f6b4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index ef122f6..4d9e050 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase {
         assertFalse(self.getLeft().isEmpty());
         assertEquals("puccini", self.getRight().getUsername());
     }
+
+    @Test
+    public void thirdPartyTokenUnknownUser() throws ParseException {
+        // Create a new token
+        Date now = new Date();
+
+        Calendar expiry = Calendar.getInstance();
+        expiry.setTime(now);
+        expiry.add(Calendar.MINUTE, 5);
+
+        JwtClaims jwtClaims = new JwtClaims();
+        jwtClaims.setTokenId(UUID.randomUUID().toString());
+        jwtClaims.setSubject("strauss@apache.org");
+        jwtClaims.setIssuedAt(now.getTime());
+        jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+        jwtClaims.setExpiryTime(expiry.getTime().getTime());
+        jwtClaims.setNotBefore(now.getTime());
+
+        JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+        JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+        JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+        JwsSignatureProvider jwsSignatureProvider =
+                new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(),
SignatureAlgorithm.HS512);
+        String signed = producer.signWith(jwsSignatureProvider);
+
+        SyncopeClient jwtClient = clientFactory.create(signed);
+
+        try {
+            jwtClient.self();
+            fail("Failure expected on an unknown subject");
+        } catch (AccessControlException ex) {
+            // expected
+        }
+    }
+
+    @Test
+    public void thirdPartyTokenUnknownIssuer() throws ParseException {
+        // Create a new token
+        Date now = new Date();
+
+        Calendar expiry = Calendar.getInstance();
+        expiry.setTime(now);
+        expiry.add(Calendar.MINUTE, 5);
+
+        JwtClaims jwtClaims = new JwtClaims();
+        jwtClaims.setTokenId(UUID.randomUUID().toString());
+        jwtClaims.setSubject("puccini@apache.org");
+        jwtClaims.setIssuedAt(now.getTime());
+        jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_");
+        jwtClaims.setExpiryTime(expiry.getTime().getTime());
+        jwtClaims.setNotBefore(now.getTime());
+
+        JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+        JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+        JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+        JwsSignatureProvider jwsSignatureProvider =
+                new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(),
SignatureAlgorithm.HS512);
+        String signed = producer.signWith(jwsSignatureProvider);
+
+        SyncopeClient jwtClient = clientFactory.create(signed);
+
+        try {
+            jwtClient.self();
+            fail("Failure expected on an unknown issuer");
+        } catch (AccessControlException ex) {
+            // expected
+        }
+    }
+
+    @Test
+    public void thirdPartyTokenBadSignature() throws ParseException {
+        // Create a new token
+        Date now = new Date();
+
+        Calendar expiry = Calendar.getInstance();
+        expiry.setTime(now);
+        expiry.add(Calendar.MINUTE, 5);
+
+        JwtClaims jwtClaims = new JwtClaims();
+        jwtClaims.setTokenId(UUID.randomUUID().toString());
+        jwtClaims.setSubject("puccini@apache.org");
+        jwtClaims.setIssuedAt(now.getTime());
+        jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+        jwtClaims.setExpiryTime(expiry.getTime().getTime());
+        jwtClaims.setNotBefore(now.getTime());
+
+        JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
+        JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+        JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+        JwsSignatureProvider jwsSignatureProvider =
+                new HmacJwsSignatureProvider((CustomJWTSSOProvider.CUSTOM_KEY + "_").getBytes(),
SignatureAlgorithm.HS512);
+        String signed = producer.signWith(jwsSignatureProvider);
+
+        SyncopeClient jwtClient = clientFactory.create(signed);
+
+        try {
+            jwtClient.self();
+            fail("Failure expected on a bad signature");
+        } catch (AccessControlException ex) {
+            // expected
+        }
+    }
+
 }


Mime
View raw message