Search in sources :

Example 11 with Claim

use of com.auth0.android.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndConfiguredRequiredIssuer.

@Test
void validTokenWithKeyIdAndIssuerAndConfiguredRequiredIssuer() {
    final Pair<RSAPrivateKey, RSAPublicKey> keyPair = createKeyPair(RSA_PRIVATE_KEY);
    String token = createToken(keyPair, ISSUER, KEY_ID, 0, 30);
    keyLoader.addKeySource(new JwksTestKeySource(ISSUER, keyPair.getRight(), ISSUER, KEY_ID));
    final Map<String, Claim> claims = this.service.auth(token);
    assertThat(claims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    assertThat(claims.get(CLAIM_NOT_BEFORE).asLong() * 1000L).isLessThan(new Date().getTime());
    assertThat(claims.get(CLAIM_EXPIRE).asLong() * 1000L).isGreaterThan(new Date().getTime());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 12 with Claim

use of com.auth0.android.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndWillExpire.

@Test
void validTokenWithKeyIdAndIssuerAndWillExpire() throws InterruptedException {
    final Pair<RSAPrivateKey, RSAPublicKey> keyPair = createKeyPair(RSA_PRIVATE_KEY);
    String token = createToken(keyPair, ISSUER, KEY_ID, 0, 2);
    keyLoader.addKeySource(new JwksTestKeySource(ISSUER, keyPair.getRight(), ISSUER, KEY_ID));
    final Map<String, Claim> claims = this.service.auth(token);
    assertThat(claims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    assertThat(claims.get(CLAIM_NOT_BEFORE).asLong() * 1000L).isLessThan(new Date().getTime());
    assertThat(claims.get(CLAIM_EXPIRE).asLong() * 1000L).isGreaterThan(new Date().getTime());
    TimeUnit.SECONDS.sleep(3);
    assertThatThrownBy(() -> this.service.auth(token)).isInstanceOf(JwtAuthException.class);
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 13 with Claim

use of com.auth0.android.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class OpaAuthFilter method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    Span span = tracer.buildSpan("authorizeUsingOpa").withTag("opa.allow", false).withTag(COMPONENT, "OpaAuthFilter").start();
    try (Scope ignored = tracer.scopeManager().activate(span)) {
        // collect input parameters for Opa request
        UriInfo uriInfo = requestContext.getUriInfo();
        String method = requestContext.getMethod();
        String trace = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);
        String jwt = null;
        // if security context already exist and if it is a jwt security context,
        // we include the jwt in the request
        SecurityContext securityContext = requestContext.getSecurityContext();
        Map<String, Claim> claims = null;
        if (null != securityContext) {
            JwtPrincipal jwtPrincipal = getJwtPrincipal(requestContext.getSecurityContext());
            if (jwtPrincipal != null) {
                // JWT principal found, this means that JWT has been validated by
                // auth bundle
                // and can be used within this bundle
                jwt = jwtPrincipal.getJwt();
                claims = jwtPrincipal.getClaims();
            }
        }
        JsonNode constraints = null;
        if (!isDisabled && !isExcluded(uriInfo)) {
            // process the actual request to the open policy agent server
            String[] path = uriInfo.getPathSegments().stream().map(PathSegment::getPath).toArray(String[]::new);
            OpaInput opaInput = new OpaInput(jwt, path, method, trace);
            ObjectNode objectNode = om.convertValue(opaInput, ObjectNode.class);
            // append the input extensions to the input object
            inputExtensions.forEach((namespace, extension) -> objectNode.set(namespace, om.valueToTree(extension.createAdditionalInputContent(requestContext))));
            OpaRequest request = OpaRequest.request(objectNode);
            constraints = authorizeWithOpa(request, span);
        }
        OpaJwtPrincipal principal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, securityContext, principal);
    } finally {
        span.finish();
    }
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 14 with Claim

use of com.auth0.android.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithIssuerAndConfiguredRequiredIssuer.

@Test
void validTokenWithIssuerAndConfiguredRequiredIssuer() {
    final Pair<RSAPrivateKey, RSAPublicKey> keyPair = createKeyPair(RSA_PRIVATE_KEY);
    String token = createToken(keyPair, ISSUER, null, 0, 30);
    keyLoader.addKeySource(new JwksTestKeySource(ISSUER, keyPair.getRight(), ISSUER, null));
    final Map<String, Claim> claims = this.service.auth(token);
    assertThat(claims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    assertThat(claims.get(CLAIM_NOT_BEFORE).asLong() * 1000L).isLessThan(new Date().getTime());
    assertThat(claims.get(CLAIM_EXPIRE).asLong() * 1000L).isGreaterThan(new Date().getTime());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 15 with Claim

use of com.auth0.android.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndNoConfiguredRequiredIssuer.

@Test
void validTokenWithKeyIdAndIssuerAndNoConfiguredRequiredIssuer() {
    final Pair<RSAPrivateKey, RSAPublicKey> keyPair = createKeyPair(RSA_PRIVATE_KEY);
    String token = createToken(keyPair, ISSUER, KEY_ID, 0, 30);
    keyLoader.addKeySource(new JwksTestKeySource(ISSUER, keyPair.getRight(), null, KEY_ID));
    final Map<String, Claim> claims = this.service.auth(token);
    assertThat(claims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    assertThat(claims.get(CLAIM_NOT_BEFORE).asLong() * 1000L).isLessThan(new Date().getTime());
    assertThat(claims.get(CLAIM_EXPIRE).asLong() * 1000L).isGreaterThan(new Date().getTime());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Aggregations

Claim (com.auth0.jwt.interfaces.Claim)110 Test (org.junit.Test)67 DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)62 JsonNode (com.fasterxml.jackson.databind.JsonNode)42 Algorithm (com.auth0.jwt.algorithms.Algorithm)24 Date (java.util.Date)24 JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException)21 RSAPublicKey (java.security.interfaces.RSAPublicKey)21 Test (org.junit.jupiter.api.Test)18 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)17 JWTVerifier (com.auth0.jwt.JWTVerifier)15 JwksTestKeySource (org.sdase.commons.server.auth.service.testsources.JwksTestKeySource)14 JsonObject (com.google.gson.JsonObject)10 HashMap (java.util.HashMap)9 UserPojo (com.auth0.jwt.UserPojo)8 IOException (java.io.IOException)8 Map (java.util.Map)8 TestingProcessManager (io.supertokens.test.TestingProcessManager)7 NullClaim (com.auth0.jwt.impl.NullClaim)5 JWT (com.auth0.jwt.JWT)4