
Example 11 with Claim

use of com.auth0.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndConfiguredRequiredIssuer.

/**
 * Checks that a token carrying an issuer and a key id is accepted when the registered test key
 * source is built with the same issuer and key id.
 *
 * <p>The returned claims must name {@code ISSUER} as issuer, carry a not-before time that is
 * already in the past and an expiry that is still in the future.
 */
@Test
void validTokenWithKeyIdAndIssuerAndConfiguredRequiredIssuer() {
    Pair<RSAPrivateKey, RSAPublicKey> rsaKeys = createKeyPair(RSA_PRIVATE_KEY);
    // NOTE(review): the trailing 0 and 30 look like not-before offset and lifetime in seconds;
    // confirm against createToken.
    String signedToken = createToken(rsaKeys, ISSUER, KEY_ID, 0, 30);
    // NOTE(review): the third constructor argument is presumably the required issuer (the test
    // name suggests so); only the public half of the key pair is handed to the key source.
    JwksTestKeySource keySource = new JwksTestKeySource(ISSUER, rsaKeys.getRight(), ISSUER, KEY_ID);
    keyLoader.addKeySource(keySource);

    Map<String, Claim> verifiedClaims = service.auth(signedToken);

    assertThat(verifiedClaims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    // The claims are read as seconds and scaled to milliseconds before comparing with the clock.
    long notBeforeMillis = verifiedClaims.get(CLAIM_NOT_BEFORE).asLong() * 1000L;
    assertThat(notBeforeMillis).isLessThan(System.currentTimeMillis());
    long expiryMillis = verifiedClaims.get(CLAIM_EXPIRE).asLong() * 1000L;
    assertThat(expiryMillis).isGreaterThan(System.currentTimeMillis());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 12 with Claim

use of com.auth0.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndWillExpire.

/**
 * Checks that a short-lived token is accepted while it is valid and rejected with a
 * {@code JwtAuthException} once it has expired.
 *
 * <p>The same token string is presented twice, so the second call proves that expiry is
 * re-evaluated on every {@code auth} call rather than only on first sight of the token.
 *
 * @throws InterruptedException if the wait for expiry is interrupted
 */
@Test
void validTokenWithKeyIdAndIssuerAndWillExpire() throws InterruptedException {
    Pair<RSAPrivateKey, RSAPublicKey> rsaKeys = createKeyPair(RSA_PRIVATE_KEY);
    // NOTE(review): the trailing 0 and 2 look like not-before offset and lifetime in seconds;
    // confirm against createToken.
    String shortLivedToken = createToken(rsaKeys, ISSUER, KEY_ID, 0, 2);
    JwksTestKeySource keySource = new JwksTestKeySource(ISSUER, rsaKeys.getRight(), ISSUER, KEY_ID);
    keyLoader.addKeySource(keySource);

    // First presentation: the token is still inside its validity window.
    Map<String, Claim> verifiedClaims = service.auth(shortLivedToken);
    assertThat(verifiedClaims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    long notBeforeMillis = verifiedClaims.get(CLAIM_NOT_BEFORE).asLong() * 1000L;
    assertThat(notBeforeMillis).isLessThan(System.currentTimeMillis());
    long expiryMillis = verifiedClaims.get(CLAIM_EXPIRE).asLong() * 1000L;
    assertThat(expiryMillis).isGreaterThan(System.currentTimeMillis());

    // Wait past the expiry. NOTE(review): this only fails the second call if the verifier's
    // clock-skew leeway is below the margin between the wait and the lifetime; confirm the
    // configured leeway, otherwise the test is timing-sensitive.
    TimeUnit.SECONDS.sleep(3);

    // Second presentation: the expired token must be refused.
    assertThatThrownBy(() -> service.auth(shortLivedToken)).isInstanceOf(JwtAuthException.class);
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 13 with Claim

use of com.auth0.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class OpaAuthFilter method filter.

/**
 * Builds the Open Policy Agent input for the incoming request, asks OPA for a decision unless
 * the filter is disabled or the path is excluded, and replaces the request's security context
 * with an {@code OpaJwtPrincipal} that carries the JWT, its claims and the returned constraints.
 *
 * <p>Points a reader should keep in mind:
 *
 * <ul>
 *   <li>The JWT and claims are taken only from an already present {@code JwtPrincipal}; this
 *       method performs no token validation itself and relies on the earlier auth step.
 *   <li>When {@code isDisabled} is set or {@code isExcluded} matches, no OPA call is made and
 *       the principal is still installed with {@code null} constraints, so the presence of an
 *       {@code OpaJwtPrincipal} alone is not evidence of an allow decision.
 *   <li>The raw JWT is part of the input sent to OPA, so the OPA endpoint and any decision
 *       logging on it see the bearer token.
 *   <li>NOTE(review): a deny is presumably enforced inside {@code authorizeWithOpa} (not
 *       visible here), which also presumably updates the {@code opa.allow} span tag that
 *       starts as {@code false}; confirm.
 * </ul>
 *
 * @param requestContext the request being filtered
 */
@Override
public void filter(ContainerRequestContext requestContext) {
    Span opaSpan =
        tracer
            .buildSpan("authorizeUsingOpa")
            .withTag("opa.allow", false)
            .withTag(COMPONENT, "OpaAuthFilter")
            .start();
    try (Scope ignored = tracer.scopeManager().activate(opaSpan)) {
        // Request facts that become part of the OPA input.
        UriInfo requestUri = requestContext.getUriInfo();
        String httpMethod = requestContext.getMethod();
        String traceToken = requestContext.getHeaderString(RequestTracing.TOKEN_HEADER);

        // A JwtPrincipal in the existing security context means the auth bundle has already
        // validated the token, so it may be forwarded; otherwise both values stay null.
        SecurityContext currentContext = requestContext.getSecurityContext();
        JwtPrincipal validatedPrincipal =
            currentContext == null ? null : getJwtPrincipal(requestContext.getSecurityContext());
        String jwt = validatedPrincipal == null ? null : validatedPrincipal.getJwt();
        Map<String, Claim> claims =
            validatedPrincipal == null ? null : validatedPrincipal.getClaims();

        JsonNode constraints = null;
        boolean opaApplies = !isDisabled && !isExcluded(requestUri);
        if (opaApplies) {
            // Assemble the base input: token, path segments, HTTP method and trace token.
            String[] pathSegments =
                requestUri.getPathSegments().stream()
                    .map(PathSegment::getPath)
                    .toArray(String[]::new);
            OpaInput baseInput = new OpaInput(jwt, pathSegments, httpMethod, traceToken);
            ObjectNode inputNode = om.convertValue(baseInput, ObjectNode.class);

            // Each registered extension contributes one property, keyed by its namespace.
            inputExtensions.forEach(
                (namespace, extension) -> {
                    inputNode.set(
                        namespace,
                        om.valueToTree(extension.createAdditionalInputContent(requestContext)));
                });

            constraints = authorizeWithOpa(OpaRequest.request(inputNode), opaSpan);
        }

        // Installed on every path through the method, with or without an OPA decision.
        OpaJwtPrincipal opaPrincipal = OpaJwtPrincipal.create(jwt, claims, constraints, om);
        replaceSecurityContext(requestContext, currentContext, opaPrincipal);
    } finally {
        opaSpan.finish();
    }
}
Also used : OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) JwtPrincipal(org.sdase.commons.server.auth.JwtPrincipal) OpaJwtPrincipal(org.sdase.commons.server.opa.OpaJwtPrincipal) JsonNode(com.fasterxml.jackson.databind.JsonNode) Span(io.opentracing.Span) Scope(io.opentracing.Scope) SecurityContext(javax.ws.rs.core.SecurityContext) OpaRequest(org.sdase.commons.server.opa.filter.model.OpaRequest) UriInfo(javax.ws.rs.core.UriInfo) Claim(com.auth0.jwt.interfaces.Claim) OpaInput(org.sdase.commons.server.opa.filter.model.OpaInput)

Example 14 with Claim

use of com.auth0.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithIssuerAndConfiguredRequiredIssuer.

/**
 * Checks that a token with an issuer but no key id is accepted when the registered test key
 * source is built with the same issuer and likewise no key id.
 *
 * <p>The returned claims must name {@code ISSUER} as issuer, carry a not-before time that is
 * already in the past and an expiry that is still in the future.
 */
@Test
void validTokenWithIssuerAndConfiguredRequiredIssuer() {
    Pair<RSAPrivateKey, RSAPublicKey> rsaKeys = createKeyPair(RSA_PRIVATE_KEY);
    // null in the key-id position on both sides: the token and the key source carry no key id,
    // so the key presumably has to be selected without one (confirm in the key loader).
    String signedToken = createToken(rsaKeys, ISSUER, null, 0, 30);
    JwksTestKeySource keySource = new JwksTestKeySource(ISSUER, rsaKeys.getRight(), ISSUER, null);
    keyLoader.addKeySource(keySource);

    Map<String, Claim> verifiedClaims = service.auth(signedToken);

    assertThat(verifiedClaims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    // The claims are read as seconds and scaled to milliseconds before comparing with the clock.
    long notBeforeMillis = verifiedClaims.get(CLAIM_NOT_BEFORE).asLong() * 1000L;
    assertThat(notBeforeMillis).isLessThan(System.currentTimeMillis());
    long expiryMillis = verifiedClaims.get(CLAIM_EXPIRE).asLong() * 1000L;
    assertThat(expiryMillis).isGreaterThan(System.currentTimeMillis());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 15 with Claim

use of com.auth0.jwt.Claim in project sda-dropwizard-commons by SDA-SE.

the class AuthRSA256ServiceTest method validTokenWithKeyIdAndIssuerAndNoConfiguredRequiredIssuer.

/**
 * Checks that a token carrying an issuer and a key id is accepted when the registered test key
 * source is built with a key id but with {@code null} in the third constructor argument.
 *
 * <p>NOTE(review): going by the test name, that argument is the required issuer, so this case
 * documents that a key source without one does not constrain the token's issuer claim. A
 * deployment relying on issuer binding would need the required issuer configured; confirm
 * against the key source implementation.
 */
@Test
void validTokenWithKeyIdAndIssuerAndNoConfiguredRequiredIssuer() {
    Pair<RSAPrivateKey, RSAPublicKey> rsaKeys = createKeyPair(RSA_PRIVATE_KEY);
    String signedToken = createToken(rsaKeys, ISSUER, KEY_ID, 0, 30);
    JwksTestKeySource keySource = new JwksTestKeySource(ISSUER, rsaKeys.getRight(), null, KEY_ID);
    keyLoader.addKeySource(keySource);

    Map<String, Claim> verifiedClaims = service.auth(signedToken);

    // The issuer claim is still returned as issued, even though nothing required it here.
    assertThat(verifiedClaims.get(CLAIM_ISSUER).asString()).isEqualTo(ISSUER);
    // The claims are read as seconds and scaled to milliseconds before comparing with the clock.
    long notBeforeMillis = verifiedClaims.get(CLAIM_NOT_BEFORE).asLong() * 1000L;
    assertThat(notBeforeMillis).isLessThan(System.currentTimeMillis());
    long expiryMillis = verifiedClaims.get(CLAIM_EXPIRE).asLong() * 1000L;
    assertThat(expiryMillis).isGreaterThan(System.currentTimeMillis());
}
Also used : JwksTestKeySource(org.sdase.commons.server.auth.service.testsources.JwksTestKeySource) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Claim(com.auth0.jwt.interfaces.Claim) Date(java.util.Date) Test(org.junit.jupiter.api.Test)
