use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.
the class AuthTokenServiceTest method test_that_when_a_token_is_expired_empty_is_returned_jwt.
/**
 * Checks that {@code getCerberusAuthToken} returns an empty Optional when the claims
 * handed back for a JWT carry an expiry one hour in the past.
 *
 * <p>{@code jwtService} is mocked, so signature, issuer and blocklist validation inside
 * the real parser are not exercised here; only the handling of already-parsed claims is.
 */
@Test
public void test_that_when_a_token_is_expired_empty_is_returned_jwt() {
  final String tokenId = "abc.123.def";
  when(jwtService.isJwt(tokenId)).thenReturn(true);

  // Only the expiry is populated on the stubbed claims; every other field keeps its default.
  final CerberusJwtClaims expiredClaims =
      new CerberusJwtClaims().setExpiresTs(OffsetDateTime.now().minusHours(1));
  when(jwtService.parseAndValidateToken(tokenId)).thenReturn(Optional.of(expiredClaims));

  final Optional<CerberusAuthToken> lookupResult =
      authTokenService.getCerberusAuthToken(tokenId);

  assertTrue("optional should be empty", !lookupResult.isPresent());
}
use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.
the class AuthTokenService method getCerberusAuthTokenFromJwt.
/**
 * Builds the JWT claims for a principal, has {@code jwtService} turn them into a token
 * string, and converts token plus claims into a {@link CerberusAuthToken}.
 *
 * @param principal identity the token is issued to
 * @param principalType kind of principal; its {@code getName()} value is stored in the claims
 * @param isAdmin admin flag copied into the claims
 * @param groups group string copied into the claims as-is
 * @param ttlInMinutes lifetime; the expiry claim is {@code now + ttlInMinutes}
 * @param refreshCount refresh counter copied into the claims
 * @param id token identifier; the parsing side compares this value against the blocklist
 * @param now creation timestamp and base for the expiry computation
 * @return the auth token built by {@code getCerberusAuthTokenFromRecord}
 * @throws AuthTokenTooLongException presumably when the generated token exceeds the
 *     configured maximum length; the raising call is not visible here, confirm
 */
private CerberusAuthToken getCerberusAuthTokenFromJwt(
    String principal,
    PrincipalType principalType,
    boolean isAdmin,
    String groups,
    long ttlInMinutes,
    int refreshCount,
    String id,
    OffsetDateTime now)
    throws AuthTokenTooLongException {
  final CerberusJwtClaims jwtClaims =
      new CerberusJwtClaims()
          .setId(id)
          .setCreatedTs(now)
          .setExpiresTs(now.plusMinutes(ttlInMinutes))
          .setPrincipal(principal)
          .setPrincipalType(principalType.getName())
          .setIsAdmin(isAdmin)
          .setGroups(groups)
          .setRefreshCount(refreshCount);

  final String signedToken = jwtService.generateJwtToken(jwtClaims);

  // Hand the claims on under their AuthTokenInfo type, as the record-based path expects.
  final AuthTokenInfo tokenInfo = jwtClaims;
  return getCerberusAuthTokenFromRecord(signedToken, tokenInfo);
}
use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.
the class JwtService method parseAndValidateToken.
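/**
 * Parses a compact JWT, verifies its signature and issuer, rejects blocklisted token IDs
 * and maps the remaining claims onto {@link CerberusJwtClaims}.
 *
 * <p>The raw token is deliberately kept out of the log. It is a bearer credential, and a
 * token rejected here (for instance because its issuer names another environment) may
 * still be accepted somewhere else, so anyone with log access could replay it.
 *
 * @param token JWT token
 * @return Cerberus JWT claims, or empty when the token cannot be parsed, fails signature
 *     or issuer validation, is blocklisted, or carries no expiration / issued-at claim
 */
public Optional<CerberusJwtClaims> parseAndValidateToken(String token) {
  Jws<Claims> claimsJws;
  try {
    claimsJws =
        Jwts.parser()
            .requireIssuer(environmentName)
            .setSigningKeyResolver(signingKeyResolver)
            .parseClaimsJws(token);
  } catch (InvalidClaimException e) {
    // Log the failure reason only, never the token itself.
    // NOTE(review): assumes the exception text does not echo token content; confirm.
    log.warn("Invalid claim when parsing token", e);
    return Optional.empty();
  } catch (JwtException | IllegalArgumentException e) {
    log.warn("Error parsing JWT token", e);
    return Optional.empty();
  }

  Claims claims = claimsJws.getBody();

  // The token ID is an identifier, not the credential, so it is safe to log.
  if (blocklist.contains(claims.getId())) {
    log.warn("This JWT token is blocklisted. ID: {}", claims.getId());
    return Optional.empty();
  }

  // Only the issuer is required by the parser above. Without this guard a signed token
  // lacking exp or iat would fail below with a NullPointerException instead of being
  // rejected, and a token without an expiry must not be treated as valid.
  if (claims.getExpiration() == null || claims.getIssuedAt() == null) {
    log.warn("JWT token is missing expiration or issued-at claim. ID: {}", claims.getId());
    return Optional.empty();
  }

  String subject = claims.getSubject();
  CerberusJwtClaims cerberusJwtClaims =
      new CerberusJwtClaims()
          .setId(claims.getId())
          .setPrincipal(subject)
          .setExpiresTs(
              OffsetDateTime.ofInstant(claims.getExpiration().toInstant(), ZoneId.systemDefault()))
          .setCreatedTs(
              OffsetDateTime.ofInstant(claims.getIssuedAt().toInstant(), ZoneId.systemDefault()))
          .setPrincipalType(claims.get(PRINCIPAL_TYPE_CLAIM_NAME, String.class))
          .setGroups(claims.get(GROUP_CLAIM_NAME, String.class))
          // NOTE(review): these two may be null if the claim is absent; whether the
          // setters accept null is not visible here, confirm.
          .setIsAdmin(claims.get(IS_ADMIN_CLAIM_NAME, Boolean.class))
          .setRefreshCount(claims.get(REFRESH_COUNT_CLAIM_NAME, Integer.class));
  return Optional.of(cerberusJwtClaims);
}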
use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.
the class JwtServiceTest method setUp.
/**
 * Creates the {@code JwtService} under test with mocked collaborators, a fixed signing
 * key spec and a fully populated claims fixture.
 *
 * @throws Exception declared for the test framework; nothing here is caught
 */
@Before
public void setUp() throws Exception {
  initMocks(this);

  jwtService = new JwtService(signingKeyResolver, "local", jwtBlocklistDao);
  ReflectionTestUtils.setField(jwtService, "maxTokenLength", 1600);

  // Test-only key material: 64 zero bytes. Never a pattern for real signing keys.
  cerberusJwtKeySpec = new CerberusJwtKeySpec(new byte[64], "HmacSHA512", "key id");

  final OffsetDateTime issuedIn2000 = OffsetDateTime.of(2000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);
  // should be good for a while
  final OffsetDateTime expiresIn3000 = OffsetDateTime.of(3000, 1, 1, 1, 1, 1, 1, ZoneOffset.UTC);

  cerberusJwtClaims =
      new CerberusJwtClaims()
          .setId("id")
          .setCreatedTs(issuedIn2000)
          .setExpiresTs(expiresIn3000)
          .setPrincipal("principal")
          .setPrincipalType("type")
          .setIsAdmin(true)
          .setGroups("groups")
          .setRefreshCount(1);

  // Both resolver overloads return the same key spec, so signing and verification agree.
  when(signingKeyResolver.resolveSigningKey()).thenReturn(cerberusJwtKeySpec);
  when(signingKeyResolver.resolveSigningKey(any(JwsHeader.class), any(Claims.class)))
      .thenReturn(cerberusJwtKeySpec);
}
use of com.nike.cerberus.jwt.CerberusJwtClaims in project cerberus by Nike-Inc.
the class AuthTokenServiceTest method test_that_when_a_valid_non_expired_token_record_is_present_the_optional_is_populated_with_valid_token_object_jwt.
/**
 * Checks that claims for a JWT expiring one hour from now are turned into a populated
 * {@code CerberusAuthToken} whose fields mirror the claims.
 *
 * <p>{@code "abc.123.def"} is only a JWT-shaped placeholder: {@code jwtService} is mocked,
 * so no signature or issuer check runs in this test.
 */
@Test
public void test_that_when_a_valid_non_expired_token_record_is_present_the_optional_is_populated_with_valid_token_object_jwt() {
  final String id = UUID.randomUUID().toString();
  final String tokenId = "abc.123.def";
  final OffsetDateTime now = OffsetDateTime.now();
  final OffsetDateTime expires = now.plusHours(1);
  final String principal = "test-user@domain.com";
  final String groups = "group1,group2,group3";

  final CerberusJwtClaims validClaims =
      new CerberusJwtClaims()
          .setId(id)
          .setCreatedTs(now)
          .setExpiresTs(expires)
          .setPrincipal(principal)
          .setPrincipalType(PrincipalType.USER.getName())
          .setIsAdmin(false)
          .setGroups(groups)
          .setRefreshCount(0);

  when(jwtService.isJwt(tokenId)).thenReturn(true);
  when(jwtService.parseAndValidateToken(tokenId)).thenReturn(Optional.of(validClaims));

  final CerberusAuthToken token =
      authTokenService
          .getCerberusAuthToken(tokenId)
          .orElseThrow(() -> new AssertionFailedError("Token should be present"));

  // The returned object must carry the presented token string and every claim unchanged.
  assertEquals(tokenId, token.getToken());
  assertEquals(now, token.getCreated());
  assertEquals(expires, token.getExpires());
  assertEquals(principal, token.getPrincipal());
  assertEquals(PrincipalType.USER, token.getPrincipalType());
  assertEquals(false, token.isAdmin());
  assertEquals(groups, token.getGroups());
  assertEquals(0, token.getRefreshCount());
}