Search in sources :

Example 36 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithAccessTokenValid.

@Test
void testProxyWithAccessTokenValid() {
    val expiration = now().plus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token", expiration);
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isOk().expectBody().json(content.toJSONString());
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 37 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithRefreshTokenValidAndAccessWithoutExpiration.

@Test
void testProxyWithRefreshTokenValidAndAccessWithoutExpiration() throws ExecutionException, InterruptedException {
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_an_expired_access_token");
    val expirationRefresh = now().plus(10, ChronoUnit.SECONDS).getEpochSecond();
    createSecret("fence_gen3_refresh", userIdAndToken.getUserId(), "this_is_refresh_token", expirationRefresh);
    JSONObject refreshContent = new JSONObject();
    refreshContent.put("access_token", "this_is_a_fresh_access_token");
    refreshContent.put("refresh_token", "this_is_a_fresh_refresh_token");
    refreshContent.put("token_type", "BEARER");
    refreshContent.put("expires_in", 1200);
    gen3VM.stubFor(post("/").willReturn(ok(refreshContent.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isOk().expectBody().json(content.toJSONString());
    // Verify than access token has been refreshed
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_access_token");
    assertThat(accessSecret.notExpired()).isTrue();
    // Verify than refresh token has been refreshed, except for expiration date
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_refresh_token");
    assertThat(refreshSecret.getExpiration()).isEqualTo(expirationRefresh);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 38 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithoutAccessToken.

@Test
void testProxyWithoutAccessToken() {
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("OTHER", "this_is_access_token");
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isUnauthorized();
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 39 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithBothTokenAndRefreshValid.

@Test
void testProxyWithBothTokenAndRefreshValid() throws ExecutionException, InterruptedException {
    val expirationAccess = now().minus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_an_expired_access_token", expirationAccess);
    val expirationRefresh = now().plus(10, ChronoUnit.SECONDS).getEpochSecond();
    createSecret("fence_gen3_refresh", userIdAndToken.getUserId(), "this_is_refresh_token", expirationRefresh);
    JSONObject refreshContent = new JSONObject();
    refreshContent.put("access_token", "this_is_a_fresh_access_token");
    refreshContent.put("refresh_token", "this_is_a_fresh_refresh_token");
    refreshContent.put("token_type", "BEARER");
    refreshContent.put("expires_in", 1200);
    gen3VM.stubFor(post("/").willReturn(ok(refreshContent.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isOk().expectBody().json(content.toJSONString());
    // Verify than access token has been refreshed
    val accessSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_access", null, null)).get();
    assertThat(accessSecret).isNotNull();
    assertThat(accessSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_access_token");
    assertThat(accessSecret.notExpired()).isTrue();
    // Verify than refresh token has been refreshed, except for expiration date
    val refreshSecret = secretTable.getItem(new Secret(userIdAndToken.getUserId(), "fence_gen3_refresh", null, null)).get();
    assertThat(refreshSecret).isNotNull();
    assertThat(refreshSecret.getSecret()).isEqualTo("encrypted_this_is_a_fresh_refresh_token");
    assertThat(refreshSecret.getExpiration()).isEqualTo(expirationRefresh);
}
Also used : lombok.val(lombok.val) Secret(io.kidsfirst.core.model.Secret) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Example 40 with JSONObject

use of com.nimbusds.jose.shaded.json.JSONObject in project kf-key-management by kids-first.

the class DynamicProxyTests method testProxyWithAccessTokenExpired.

@Test
void testProxyWithAccessTokenExpired() {
    val expiration = now().minus(10, ChronoUnit.SECONDS).getEpochSecond();
    val userIdAndToken = createUserAndSecretAndObtainAccessToken("fence_gen3_access", "this_is_access_token", expiration);
    JSONObject content = new JSONObject();
    content.put("user_id", "119");
    content.put("username", "DoeJ");
    gen3VM.stubFor(get("/user/user").willReturn(ok(content.toJSONString()).withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)));
    webClient.get().uri("/gen3/user/user").accept(MediaType.APPLICATION_JSON).header("Authorization", "Bearer " + userIdAndToken.getAccessToken()).exchange().expectStatus().isUnauthorized();
}
Also used : lombok.val(lombok.val) JSONObject(com.nimbusds.jose.shaded.json.JSONObject) Test(org.junit.jupiter.api.Test)

Aggregations

JSONObject (com.nimbusds.jose.shaded.json.JSONObject)52 lombok.val (lombok.val)22 Test (org.junit.jupiter.api.Test)21 Secret (io.kidsfirst.core.model.Secret)10 JSONArray (com.nimbusds.jose.shaded.json.JSONArray)9 Map (java.util.Map)5 Slf4j (lombok.extern.slf4j.Slf4j)5 JWSObject (com.nimbusds.jose.JWSObject)4 FenceService (io.kidsfirst.core.service.FenceService)4 SecretService (io.kidsfirst.core.service.SecretService)4 ResponseEntity (org.springframework.http.ResponseEntity)4 JwtAuthenticationToken (org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken)4 org.springframework.web.bind.annotation (org.springframework.web.bind.annotation)4 IOException (java.io.IOException)3 ECPublicKey (java.security.interfaces.ECPublicKey)3 Flux (reactor.core.publisher.Flux)3 Mono (reactor.core.publisher.Mono)3 JsonNode (com.fasterxml.jackson.databind.JsonNode)2 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)2 URI (java.net.URI)2