Examples with JwtConfig com.nexblocks.authguard.service.config.JwtConfig used on opensource projects
Example 1 with JwtConfig
use of com.nexblocks.authguard.service.config.JwtConfig in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateWithAlgNone.
@Test
void validateWithAlgNone() {
final StrategyConfig strategyConfig = strategyConfig(false);
final JwtConfig jwtConfig = jwtConfig();
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final AuthResponseBO tokens = generateToken(jwtConfig, account, null);
final String payload = tokens.getToken().toString().split("\\.")[1];
final String maliciousToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + payload + ".signature";
assertThat(jwtTokenVerifier.verify(maliciousToken)).isEmpty();
}
Also used :
AccountBO(com.nexblocks.authguard.service.model.AccountBO)
JwtConfig(com.nexblocks.authguard.service.config.JwtConfig)
StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig)
AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO)
Test(org.junit.jupiter.api.Test)
Example 2 with JwtConfig
use of com.nexblocks.authguard.service.config.JwtConfig in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateWithJtiBlacklisted.
@Test
void validateWithJtiBlacklisted() {
final StrategyConfig strategyConfig = strategyConfig(true);
final JwtConfig jwtConfig = jwtConfig();
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final String jti = UUID.randomUUID().toString();
Mockito.when(jtiProvider.next()).thenReturn(jti);
Mockito.when(jtiProvider.validate(jti)).thenReturn(false);
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final AuthResponseBO tokens = generateToken(jwtConfig, account, jti);
final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(tokens.getToken().toString());
assertThat(validatedToken.isLeft());
}
Also used :
AccountBO(com.nexblocks.authguard.service.model.AccountBO)
JwtConfig(com.nexblocks.authguard.service.config.JwtConfig)
StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig)
AuthResponseBO(com.nexblocks.authguard.service.model.AuthResponseBO)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException)
Test(org.junit.jupiter.api.Test)
Example 3 with JwtConfig
use of com.nexblocks.authguard.service.config.JwtConfig in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method newVerifierInstance.
private JwtTokenVerifier newVerifierInstance(final StrategyConfig strategyConfig) {
jtiProvider = Mockito.mock(JtiProvider.class);
final JwtConfig jwtConfig = jwtConfig();
final Algorithm algorithm = JwtConfigParser.parseAlgorithm(jwtConfig.getAlgorithm(), jwtConfig.getPublicKey(), jwtConfig.getPrivateKey());
return new JwtTokenVerifier(strategyConfig, jtiProvider, algorithm);
}Example 4 with JwtConfig
use of com.nexblocks.authguard.service.config.JwtConfig in project AuthGuard by AuthGuard.
the class JwtTokenVerifierTest method validateExpired.
@Test
void validateExpired() {
final StrategyConfig strategyConfig = strategyConfig(false);
final JwtConfig jwtConfig = jwtConfig();
final AccountBO account = RANDOM.nextObject(AccountBO.class);
final Algorithm algorithm = JwtConfigParser.parseAlgorithm(jwtConfig.getAlgorithm(), jwtConfig.getPublicKey(), jwtConfig.getPrivateKey());
final JwtGenerator jwtGenerator = new JwtGenerator(jwtConfig);
final String token = jwtGenerator.generateUnsignedToken(account, Duration.ofMinutes(5)).withExpiresAt(Date.from(Instant.now().minusSeconds(60))).sign(algorithm);
final JwtTokenVerifier jwtTokenVerifier = newVerifierInstance(strategyConfig);
final Either<Exception, DecodedJWT> validatedToken = jwtTokenVerifier.verify(token);
assertThat(validatedToken.isLeft()).isTrue();
assertThat(validatedToken.getLeft()).isInstanceOf(ServiceAuthorizationException.class);
}
Also used :
AccountBO(com.nexblocks.authguard.service.model.AccountBO)
JwtConfig(com.nexblocks.authguard.service.config.JwtConfig)
StrategyConfig(com.nexblocks.authguard.service.config.StrategyConfig)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)
ServiceAuthorizationException(com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException)
Test(org.junit.jupiter.api.Test)
Example 5 with JwtConfig
use of com.nexblocks.authguard.service.config.JwtConfig in project AuthGuard by AuthGuard.
the class TokenEncryptorAdapterTest method initializeWithNonExistingKeys.
@Test
void initializeWithNonExistingKeys() {
final JwtConfig jwtConfig = JwtConfig.builder().encryption(EncryptionConfig.builder().algorithm("EC").publicKey("src/test/resources/none.pem").privateKey("src/test/resources/none.pem").build()).build();
assertThatThrownBy(() -> new TokenEncryptorAdapter(jwtConfig)).isInstanceOf(IllegalStateException.class);
}Aggregations
JwtConfig (com.nexblocks.authguard.service.config.JwtConfig)13
Test (org.junit.jupiter.api.Test)11
StrategyConfig (com.nexblocks.authguard.service.config.StrategyConfig)5
AccountBO (com.nexblocks.authguard.service.model.AccountBO)5
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT)4
ServiceAuthorizationException (com.nexblocks.authguard.service.exceptions.ServiceAuthorizationException)4
AuthResponseBO (com.nexblocks.authguard.service.model.AuthResponseBO)4
Algorithm (com.auth0.jwt.algorithms.Algorithm)3
