
Example 1 with ImpersonatedAccountSignerCredentials

Use of com.google.fleetengine.auth.token.factory.signer.ImpersonatedSigner.ImpersonatedAccountSignerCredentials in project java-fleetengine-auth by googlemaps.

The class ImpersonatedSignerTest, method sign_buildsJwtCorrectly.

@Test
public void sign_buildsJwtCorrectly() {
    FleetEngineToken token = FleetEngineToken.builder()
        .setTokenType(FleetEngineTokenType.SERVER)
        .setCreationTimestamp(Date.from(creation.instant()))
        .setExpirationTimestamp(Date.from(expiration.instant()))
        .setAudience(TEST_AUDIENCE)
        .setAuthorizationClaims(EmptyFleetEngineTokenClaims.INSTANCE)
        .build();
    // Mock impersonated credentials: sign() is stubbed to apply the unsigned "none" algorithm,
    // so this test checks only how the JWT is built, not signature validity.
    ImpersonatedAccountSignerCredentials impersonatedCredentials = mock(ImpersonatedAccountSignerCredentials.class);
    when(impersonatedCredentials.getAccount()).thenReturn(TEST_SERVICE_ACCOUNT);
    when(impersonatedCredentials.sign(any(), any())).thenAnswer(invocation -> {
        byte[] presignedHeaderJwt = invocation.getArgument(0, byte[].class);
        // The payload is the second argument (index 1), not a second copy of the header.
        byte[] presignedContentJwt = invocation.getArgument(1, byte[].class);
        return Algorithm.none().sign(presignedHeaderJwt, presignedContentJwt);
    });
    ImpersonatedSigner signer = new ImpersonatedSigner(impersonatedCredentials);
    // Sign the token with the "none" algorithm.
    FleetEngineToken signedToken = signer.sign(token);
    // Check that the payload matches what was expected
    DecodedJWT decodedJWT = JWT.decode(signedToken.jwt());
    // JWT segments are base64url-encoded, so use the URL-safe decoder.
    String payload = new String(Base64.getUrlDecoder().decode(decodedJWT.getPayload()), UTF_8);
    Gson gson = new Gson();
    JwtPayload jwtPayload = gson.fromJson(payload, JwtPayload.class);
    assertThat(jwtPayload.audience).isEqualTo(TEST_AUDIENCE);
    assertThat(jwtPayload.issuer).isEqualTo(TEST_SERVICE_ACCOUNT);
    assertThat(jwtPayload.subject).isEqualTo(TEST_SERVICE_ACCOUNT);
    assertThat(jwtPayload.issuedAt).isEqualTo(creation.instant().getEpochSecond());
    assertThat(jwtPayload.expiredAt).isEqualTo(expiration.instant().getEpochSecond());
}
Also used : Gson(com.google.gson.Gson) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) FleetEngineToken(com.google.fleetengine.auth.token.FleetEngineToken) ImpersonatedAccountSignerCredentials(com.google.fleetengine.auth.token.factory.signer.ImpersonatedSigner.ImpersonatedAccountSignerCredentials) Test(org.junit.Test)
