Example 1 with SignedToken

Use of com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken in project coprhd-controller by CoprHD.

From the class TokenManagerTests, method testTokenKeysSignature.

/**
 * tests for token signature manipulation
 *
 * @throws Exception
 */
@Test
public void testTokenKeysSignature() throws Exception {
    commonDefaultSetupForSingleNodeTests();
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    userDAO.setIsLocal(true);
    final String token = _tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    TokenOnWire tw1 = _encoder.decode(token);
    // verify token
    StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    // base64 decode the token, just to look at the version field and
    // make sure it is set to what we think.
    byte[] decoded = Base64.decodeBase64(token.getBytes("UTF-8"));
    SignedToken stOffTheWire = (SignedToken) _serializer.fromByteArray(SignedToken.class, decoded);
    // JUnit's assertEquals takes the expected value first, then the actual one.
    Assert.assertEquals(Base64TokenEncoder.VIPR_ENCODING_VERSION, stOffTheWire.getTokenEncodingVersion());
    // Re-encode the valid token, using a bad signature. Try to validate that.
    byte[] reserialized = _serializer.toByteArray(TokenOnWire.class, tw1);
    SignedToken st = new SignedToken(reserialized, "badsignature");
    byte[] serializedSignedToken = _serializer.toByteArray(SignedToken.class, st);
    byte[] forgedToken = Base64.encodeBase64(serializedSignedToken);
    // Resulting token should fail validation even though the embedded token data is good
    try {
        gotUser = _tokenManager.validateToken(new String(forgedToken, "UTF-8"));
        Assert.fail("Resulting token should fail validation");
    } catch (UnauthorizedException ex) {
        // This is an expected exception
        Assert.assertTrue(true);
    }
    try {
        gotUser = _tokenManager.validateToken("somethingthatwontevendecode");
        Assert.fail("Arbitrary token should not be validated.");
    } catch (UnauthorizedException ex) {
        // This is an expected exception.
        Assert.assertTrue(true);
    }
}

Also used: SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken), StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO), UnauthorizedException (com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException), TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire), Test (org.junit.Test)

Aggregations

StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO): 1
SignedToken (com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken): 1
TokenOnWire (com.emc.storageos.security.authentication.TokenOnWire): 1
UnauthorizedException (com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException): 1
Test (org.junit.Test): 1