use of com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken in project coprhd-controller by CoprHD.
the class TokenManagerTests method testTokenKeysSignature.
/**
* tests for token signature manipulation
*
* @throws Exception
*/
@Test
public void testTokenKeysSignature() throws Exception {
commonDefaultSetupForSingleNodeTests();
StorageOSUserDAO userDAO = new StorageOSUserDAO();
userDAO.setUserName("user1");
userDAO.setIsLocal(true);
final String token = _tokenManager.getToken(userDAO);
Assert.assertNotNull(token);
TokenOnWire tw1 = _encoder.decode(token);
// verify token
StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
Assert.assertNotNull(gotUser);
// base64 decode the token, just to look at the version field and
// make sure it is set to what we think.
byte[] decoded = Base64.decodeBase64(token.getBytes("UTF-8"));
SignedToken stOffTheWire = (SignedToken) _serializer.fromByteArray(SignedToken.class, decoded);
Assert.assertEquals(stOffTheWire.getTokenEncodingVersion(), Base64TokenEncoder.VIPR_ENCODING_VERSION);
// Re-encode the valid token, using a bad signature. Try to validate that.
byte[] reserialized = _serializer.toByteArray(TokenOnWire.class, tw1);
SignedToken st = new SignedToken(reserialized, "badsignature");
byte[] serializedSignedToken = _serializer.toByteArray(SignedToken.class, st);
byte[] forgedToken = Base64.encodeBase64(serializedSignedToken);
// Resulting token should fail validation even though the embedded token data is good
try {
gotUser = _tokenManager.validateToken(new String(forgedToken, "UTF-8"));
Assert.fail("Resulting token should fail validation");
} catch (UnauthorizedException ex) {
// This is an expected exception
Assert.assertTrue(true);
}
try {
gotUser = _tokenManager.validateToken("somethingthatwontevendecode");
Assert.fail("Arbitrary token should not be validated.");
} catch (UnauthorizedException ex) {
// This is an expected exception.
Assert.assertTrue(true);
}
}
Aggregations