Example 1 with CerberusJwtClaims

use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.

the class AuthTokenServiceTest method test_that_when_a_token_is_expired_empty_is_returned_jwt.

@Test
public void test_that_when_a_token_is_expired_empty_is_returned_jwt() {
    final String tokenId = "abc.123.def";
    when(jwtService.isJwt(tokenId)).thenReturn(true);
    when(jwtService.parseAndValidateToken(tokenId)).thenReturn(
            Optional.of(new CerberusJwtClaims().setExpiresTs(OffsetDateTime.now().minusHours(1))));
    Optional<CerberusAuthToken> tokenOptional = authTokenService.getCerberusAuthToken(tokenId);
    assertTrue("optional should be empty", !tokenOptional.isPresent());
}
Also used : CerberusAuthToken(com.nike.cerberus.domain.CerberusAuthToken) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims) Test(org.junit.Test)

Example 2 with CerberusJwtClaims

use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.

the class AuthTokenService method getCerberusAuthTokenFromJwt.

private CerberusAuthToken getCerberusAuthTokenFromJwt(String principal, PrincipalType principalType, boolean isAdmin, String groups, long ttlInMinutes, int refreshCount, String id, OffsetDateTime now) throws AuthTokenTooLongException {
    AuthTokenInfo authTokenInfo;
    String token;
    // Build the claim set; the expiry is fixed at issue time as now + TTL.
    authTokenInfo = new CerberusJwtClaims()
            .setId(id)
            .setCreatedTs(now)
            .setExpiresTs(now.plusMinutes(ttlInMinutes))
            .setPrincipal(principal)
            .setPrincipalType(principalType.getName())
            .setIsAdmin(isAdmin)
            .setGroups(groups)
            .setRefreshCount(refreshCount);
    token = jwtService.generateJwtToken((CerberusJwtClaims) authTokenInfo);
    return getCerberusAuthTokenFromRecord(token, authTokenInfo);
}
Also used : AuthTokenInfo(com.nike.cerberus.domain.AuthTokenInfo) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims)

Example 3 with CerberusJwtClaims

use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.

the class JwtService method parseAndValidateToken.

/**
 * Parse and validate JWT token
 *
 * @param token JWT token
 * @return Cerberus JWT claims
 */
public Optional<CerberusJwtClaims> parseAndValidateToken(String token) {
    Jws<Claims> claimsJws;
    try {
        // parseClaimsJws verifies the signature with the resolved key and checks expiry;
        // requireIssuer rejects tokens that were not issued for this environment.
        claimsJws = Jwts.parser()
                .requireIssuer(environmentName)
                .setSigningKeyResolver(signingKeyResolver)
                .parseClaimsJws(token);
    } catch (InvalidClaimException e) {
        // Note: this handler and the two below write the rejected token itself to the log.
        log.warn("Invalid claim when parsing token: {}", token, e);
        return Optional.empty();
    } catch (JwtException e) {
        log.warn("Error parsing JWT token: {}", token, e);
        return Optional.empty();
    } catch (IllegalArgumentException e) {
        log.warn("Error parsing JWT token: {}", token, e);
        return Optional.empty();
    }
    Claims claims = claimsJws.getBody();
    // Revocation check: a correctly signed, unexpired token is still rejected
    // when its ID is on the blocklist.
    if (blocklist.contains(claims.getId())) {
        log.warn("This JWT token is blocklisted. ID: {}", claims.getId());
        return Optional.empty();
    }
    String subject = claims.getSubject();
    // Map the verified JWT claims onto the Cerberus claims object.
    CerberusJwtClaims cerberusJwtClaims = new CerberusJwtClaims()
            .setId(claims.getId())
            .setPrincipal(subject)
            .setExpiresTs(OffsetDateTime.ofInstant(claims.getExpiration().toInstant(), ZoneId.systemDefault()))
            .setCreatedTs(OffsetDateTime.ofInstant(claims.getIssuedAt().toInstant(), ZoneId.systemDefault()))
            .setPrincipalType(claims.get(PRINCIPAL_TYPE_CLAIM_NAME, String.class))
            .setGroups(claims.get(GROUP_CLAIM_NAME, String.class))
            .setIsAdmin(claims.get(IS_ADMIN_CLAIM_NAME, Boolean.class))
            .setRefreshCount(claims.get(REFRESH_COUNT_CLAIM_NAME, Integer.class));
    return Optional.of(cerberusJwtClaims);
}
Also used : CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims)

Example 4 with CerberusJwtClaims

use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.

the class JwtServiceTest method setUp.

@Before
public void setUp() throws Exception {
    initMocks(this);
    jwtService = new JwtService(signingKeyResolver, "local", jwtBlocklistDao);
    ReflectionTestUtils.setField(jwtService, "maxTokenLength", 1600);
    cerberusJwtKeySpec = new CerberusJwtKeySpec(new byte[64], "HmacSHA512", "key id");
    cerberusJwtClaims = new CerberusJwtClaims();
    cerberusJwtClaims.setId("id");
    cerberusJwtClaims.setPrincipal("principal");
    cerberusJwtClaims.setGroups("groups");
    cerberusJwtClaims.setIsAdmin(true);
    cerberusJwtClaims.setPrincipalType("type");
    cerberusJwtClaims.setRefreshCount(1);
    cerberusJwtClaims.setCreatedTs(OffsetDateTime.of(2000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC));
    // should be good for a while
    cerberusJwtClaims.setExpiresTs(OffsetDateTime.of(3000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC));
    when(signingKeyResolver.resolveSigningKey()).thenReturn(cerberusJwtKeySpec);
    when(signingKeyResolver.resolveSigningKey(any(JwsHeader.class), any(Claims.class))).thenReturn(cerberusJwtKeySpec);
}
Also used : Claims(io.jsonwebtoken.Claims) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims) JwsHeader(io.jsonwebtoken.JwsHeader) CerberusJwtKeySpec(com.nike.cerberus.jwt.CerberusJwtKeySpec) Before(org.junit.Before)

Example 5 with CerberusJwtClaims

use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.

the class AuthTokenServiceTest method test_that_when_a_valid_non_expired_token_record_is_present_the_optional_is_populated_with_valid_token_object_jwt.

@Test
public void test_that_when_a_valid_non_expired_token_record_is_present_the_optional_is_populated_with_valid_token_object_jwt() {
    String id = UUID.randomUUID().toString();
    String tokenId = "abc.123.def";
    OffsetDateTime now = OffsetDateTime.now();
    String principal = "test-user@domain.com";
    String groups = "group1,group2,group3";
    when(jwtService.isJwt(tokenId)).thenReturn(true);
    when(jwtService.parseAndValidateToken(tokenId)).thenReturn(Optional.of(new CerberusJwtClaims()
            .setId(id)
            .setCreatedTs(now)
            .setExpiresTs(now.plusHours(1))
            .setPrincipal(principal)
            .setPrincipalType(PrincipalType.USER.getName())
            .setIsAdmin(false)
            .setGroups(groups)
            .setRefreshCount(0)));
    Optional<CerberusAuthToken> tokenOptional = authTokenService.getCerberusAuthToken(tokenId);
    CerberusAuthToken token = tokenOptional.orElseThrow(() -> new AssertionFailedError("Token should be present"));
    assertEquals(tokenId, token.getToken());
    assertEquals(now, token.getCreated());
    assertEquals(now.plusHours(1), token.getExpires());
    assertEquals(principal, token.getPrincipal());
    assertEquals(PrincipalType.USER, token.getPrincipalType());
    assertEquals(false, token.isAdmin());
    assertEquals(groups, token.getGroups());
    assertEquals(0, token.getRefreshCount());
}
Also used : CerberusAuthToken(com.nike.cerberus.domain.CerberusAuthToken) OffsetDateTime(java.time.OffsetDateTime) CerberusJwtClaims(com.nike.cerberus.jwt.CerberusJwtClaims) AssertionFailedError(junit.framework.AssertionFailedError) Test(org.junit.Test)

Aggregations

CerberusJwtClaims (com.nike.cerberus.jwt.CerberusJwtClaims): 6
Test (org.junit.Test): 3
CerberusAuthToken (com.nike.cerberus.domain.CerberusAuthToken): 2
AuthTokenInfo (com.nike.cerberus.domain.AuthTokenInfo): 1
CerberusJwtKeySpec (com.nike.cerberus.jwt.CerberusJwtKeySpec): 1
Claims (io.jsonwebtoken.Claims): 1
JwsHeader (io.jsonwebtoken.JwsHeader): 1
OffsetDateTime (java.time.OffsetDateTime): 1
AssertionFailedError (junit.framework.AssertionFailedError): 1
Before (org.junit.Before): 1