Example 21 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithOnlyRefreshTokenValid.

@Test
void testProxyWithOnlyRefreshTokenValid() throws ExecutionException, InterruptedException {
    val expirationRefresh = now().plus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_refresh", "this_is_refresh_token", expirationRefresh);
    JSONObject refreshContent = new JSONObject();
    refreshContent.put("access_token", "this_is_a_fresh_access_token");
    refreshContent.put("refresh_token", "this_is_a_fresh_refresh_token");
    refreshContent.put("token_type", "BEARER");
    refreshContent.put("expires_in", 1200);
    gen3VM.stubFor(post("/").willReturn(ok(refreshContent.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get()
            .uri("/gen3/user/user")
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "Bearer " + userIdAndToken.getAccessToken())
            .exchange()
            .expectStatus().isOk()
            .expectBody().json(content.toJSONString());
    // Verify that the access token has been refreshed
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_access_token");
    assertThat(accessSecret.notExpired()).isTrue();
    // Verify that the refresh token has been refreshed, except for its expiration date
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_refresh_token");
    assertThat(refreshSecret.getExpiration()).isEqualTo(expirationRefresh);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 22 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithAccessTokenWithoutExpiration.

@Test
void testProxyWithAccessTokenWithoutExpiration() {
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token");
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get()
            .uri("/gen3/user/user")
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "Bearer " + userIdAndToken.getAccessToken())
            .exchange()
            .expectStatus().isUnauthorized();
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 23 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class FenceDeprecatedTests method testFenceTokenPOST.

@Test
void testFenceTokenPOST() throws Exception {
    val expiration = now().minus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token", expiration);
    createUserAndSecretAndObtainAccessToken("fence_gen3_refresh", "this_is_refresh_token", expiration);
    JSONObject content = new JSONObject();
    content.put("access_token", "this_is_fresh_access_token");
    content.put("refresh_token", "this_is_fresh_refresh_token");
    content.put("token_type", "BEARER");
    content.put("expires_in", 1200);
    gen3VM.stubFor(post("/").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.post()
            .uri(uriBuilder -> uriBuilder.path(fenceTokenUri)
                    .queryParam("fence", "gen3")
                    .queryParam("code", "anAuthCodeValue")
                    .build())
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "Bearer " + userIdAndToken.getAccessToken())
            .exchange()
            .expectStatus().isOk()
            .expectBody()
            .jsonPath("$.access_token").value(o -> assertThat(o).isEqualTo("this_is_fresh_access_token"))
            .jsonPath("$.refresh_token").value(o -> assertThat(o).isEqualTo("this_is_fresh_refresh_token"));
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_fresh_access_token");
    assertThat(accessSecret.getExpiration()).isGreaterThan(expiration);
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_fresh_refresh_token");
    assertThat(refreshSecret.getExpiration()).isGreaterThan(expiration);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 24 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class FenceTests method testFenceTokenExchange.

@Test
void testFenceTokenExchange() throws Exception {
    val expiration = now().minus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token", expiration);
    createUserAndSecretAndObtainAccessToken("fence_gen3_refresh", "this_is_refresh_token", expiration);
    JSONObject content = new JSONObject();
    content.put("access_token", "this_is_fresh_access_token");
    content.put("refresh_token", "this_is_fresh_refresh_token");
    content.put("token_type", "BEARER");
    content.put("expires_in", 1200);
    gen3VM.stubFor(post("/").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get()
            .uri(uriBuilder -> uriBuilder.path(fenceExchangeUri)
                    .queryParam("code", "anAuthCodeValue")
                    .build())
            .accept(MediaType.APPLICATION_JSON)
            .header("Authorization", "Bearer " + userIdAndToken.getAccessToken())
            .exchange()
            .expectStatus().isOk()
            .expectBody()
            .jsonPath("$.expiration").exists();
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_fresh_access_token");
    assertThat(accessSecret.notExpired()).isTrue();
    assertThat(accessSecret.getExpiration()).isGreaterThan(expiration);
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_fresh_refresh_token");
    assertThat(refreshSecret.notExpired()).isTrue();
    assertThat(refreshSecret.getExpiration()).isGreaterThan(expiration);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 25 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class KeyStoreTests method testKeyStorePUT.

@Test
void testKeyStorePUT() throws Exception {
    String my_secret = "my_secret";
    JSONObject body = new JSONObject();
    body.put("service", "cavatica");
    body.put("secret", my_secret);
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("cavatica", my_secret);
    webClient.put()
            .uri(keyStoreUri)
            .accept(MediaType.APPLICATION_JSON)
            .contentType(MediaType.APPLICATION_JSON)
            .header("Authorization", "Bearer " + userIdAndToken.getAccessToken())
            .bodyValue(body.toJSONString())
            .exchange()
            .expectStatus().isOk()
            .expectBody();
    val secret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "cavatica", null, null)).get();
    assertThat(secret).isNotNull();
    assertThat(secret.getSecret()).isEqualTo("encrypted_" + my_secret);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Aggregations

JSONObject (com.nimbusds.jose.shaded.json.JSONObject) 52
lombok.val (lombok.val) 22
Test (org.junit.jupiter.api.Test) 21
Secret (io.kidsfirst.core.model.Secret) 10
JSONArray (com.nimbusds.jose.shaded.json.JSONArray) 9
Map (java.util.Map) 5
Slf4j (lombok.extern.slf4j.Slf4j) 5
JWSObject (com.nimbusds.jose.JWSObject) 4
FenceService (io.kidsfirst.core.service.FenceService) 4
SecretService (io.kidsfirst.core.service.SecretService) 4
ResponseEntity (org.springframework.http.ResponseEntity) 4
JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken) 4
org.springframework.web.bind.annotation (org.springframework.web.bind.annotation) 4
IOException (java.io.IOException) 3
ECPublicKey (java.security.interfaces.ECPublicKey) 3
Flux (reactor.core.publisher.Flux) 3
Mono (reactor.core.publisher.Mono) 3
JsonNode (com.fasterxml.jackson.databind.JsonNode) 2
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 2
URI (java.net.URI) 2